Confirmed users, Administrators
5,526
edits
SecurityEngineering/mozpkix-testing: Difference between revisions
SecurityEngineering/mozpkix-testing (view source)
Revision as of 23:02, 18 March 2014
, 18 March 2014no edit summary
(Created page with "= Background = NSS provides a robust implementation and API for abstracting many of the complex, easy-to-get-wrong parts of a number of protocols. NSS consists of code tha...") |
mNo edit summary |
||
| Line 1: | Line 1: | ||
= | = MozPKIX = | ||
NSS provides a robust implementation and API for abstracting many of the complex, easy-to-get-wrong parts of a number of protocols. NSS consists of code that supports certificate verification, S/MIME, SSL, and crypto. NSS currently has two code paths for doing certificate verification. "Classic" verification has historically been used for verification of non-EV certificates, and libPKIX has historically been used for verification of EV certificates. | NSS provides a robust implementation and API for abstracting many of the complex, easy-to-get-wrong parts of a number of protocols. NSS consists of code that supports certificate verification, S/MIME, SSL, and crypto. NSS currently has two code paths for doing certificate verification. "Classic" verification has historically been used for verification of non-EV certificates, and libPKIX has historically been used for verification of EV certificates. | ||
| Line 5: | Line 5: | ||
As many of you are aware, the NSS team has wanted to replace the "classic" verification with libPKIX for a long time. However, the current libPKIX code was auto-translated from Java to C, and has proven to be very difficult to work with. Therefore, Mozilla has created a new certificate verification library called mozpkix. | As many of you are aware, the NSS team has wanted to replace the "classic" verification with libPKIX for a long time. However, the current libPKIX code was auto-translated from Java to C, and has proven to be very difficult to work with. Therefore, Mozilla has created a new certificate verification library called mozpkix. | ||
= Request for Testing = | == Request for Testing == | ||
Replacing the certificate verification library can only be done after gaining sufficient confidence in the new code by having as many people test it as possible. So we ask that all of you help us test this new library as follows. | Replacing the certificate verification library can only be done after gaining sufficient confidence in the new code by having as many people test it as possible. So we ask that all of you help us test this new library as follows. | ||
| Line 22: | Line 22: | ||
# If issue found, please file Bugzilla bug (https://bugzilla.mozilla.org/enter_bug.cgi) with Product= ? and Component= ? | # If issue found, please file Bugzilla bug (https://bugzilla.mozilla.org/enter_bug.cgi) with Product= ? and Component= ? | ||
= Request | == Request for Code Review == | ||
The mozpkix code can be found .... | The mozpkix code can be found .... | ||