NSS:FaceToFace2012
Jump to navigation
Jump to search
NSS Face to Face Meeting
Date: August 7 and 8, 2012 (Tuesday and Wednesday), Dinner on Monday August 6
Location: 650 Castro Street, Mountain View, CA 94041
Arrival: 9:00am, 3rd floor of Mozilla building
Conference Room: Northbridge, 4th Floor, 1-650-903-0800 extension 5480
Teleconference:
- 1-650-903-0800, extension 92, conference number 99161#
- 1-800-707-2533, password 369, conference number 99161#
Etherpad: https://etherpad.mozilla.org/nss-F2F-2012
IRC server: irc.mozilla.org, room: #nss
Attendees: Everyone local should try to attend the appropriate meetings in person. Everyone else may attend the appropriate meetings via teleconference.
High Level Schedule
| Day | Topics |
|---|---|
| Monday | Dinner |
| Tuesday | Context Setting, Roadmaps, NSS Priorities, CAB Forum, Process, Telemetry |
| Wednesday | Infrastructure, Design/Technical Discussions |
| Thursday | Wrap-up (if needed), Design/Technical Discussions (optional) |
Detailed Agenda
Monday, August 6
- Dinner - Scratch in Mtn. View
- Please add your name here if you plan to attend: Kathleen Wilson, Johnathan Nightingale, Gerv Markham, Wan-Teh Chang, Ryan Sleevi, Brian Smith, Elio Maldonado, Kai Engert, Eric Rescorla, Bob Relyea, Josh Aas, Dan Veditz
- Time: 6:00.
- Reservation Details: Your reservation for 12 at Scratch (Mtn View) is confirmed for Monday, August 6, 2012 at 6:00 PM. The reservation is held under: Kathleen Wilson.
Tuesday, August 7
| Day/Time | Meeting Topic | Attendees |
|---|---|---|
| 9:30-10:00 | Context Setting
|
Kai Engert, Bob Relyea, Wan-Teh Chang, Ryan Sleevi, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Lukas Blakk |
| 10:00-10:45 | Sharing of Roadmaps, priorities, goals
|
Kai Engert, Bob Relyea, Wan-Teh Chang, Ryan Sleevi, Johnathan Nightingale, Asa Dotzler, Sid Stamm, Lucas Adamski, Brian Smith, Kathleen Wilson, Gerv Markham, Dan Veditz, Josh Aas, Eric Rescorla, Ian Melven, Camilo Viecco, David Keeler |
| 10:45-11:30 |
|
Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Dan Veditz, Sid Stamm, Lucas Adamski, Josh Aas, Eric Rescorla, Ian Melven, Camilo Viecco |
| 11:30-12:15 | Lunch | |
| 12:15-1:15 | Items particularly related to our CAB Forum participation
|
Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Dan Veditz, Sid Stamm, Lucas Adamski, Eric Rescorla, Ian Melven, Camilo Viecco |
| 1:15-2:30 | Process
|
Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Sid Stamm, Tanvi Vyas, |
| 2:30-3:00 | Telemetry for NSS/PSM
|
Kai Engert, Bob Relyea, Sid Stamm, David Chan, Dan Veditz, Brian Smith, Kathleen Wilson, Ian Melven |
Wednesday, August 8
| Day/Time | Meeting Topic | Attendees |
|---|---|---|
| 9:30-10:00 | Follow-up from Monday's meetings. (Was "Infrastructure: Buildbot System Demonstration", but the buildbot is not ready) | Kai Engert, Ryan Sleevi, Bob Relyea, Elio Maldonado, Brian Smith, Josh Aas, Kathleen Wilson, Dustin Mitchell, Justin Wood, Chris Cooper, John O'Duinn |
| 10:00-10:30 | Infrastructure: Version Control | Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Josh Aas, Kathleen Wilson, Dustin Mitchell, John O'Duinn, Corey Shields, Melissa O'Connor |
| 10:30-11:30 | Infrastructure: Tests and Automation
|
Kai Engert, Bob Relyea, Elio Maldonado, Wan-Teh Chang, Ryan Sleevi, Brian Smith, Josh Aas, Kathleen Wilson, Dustin Mitchell, Justin Wood, Chris Cooper, John O'Duinn, Corey Shields, Melissa O'Connor |
| 11:30-12:30 | Lunch | |
| 12:30-1:00 | FIPS Certification | Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Sid Stamm |
| 1:00-1:30 | Operating System Requirements and Operating System Integration; e.g.
|
Kai Engert, Bob Relyea, Wan-Teh Chang, Ryan Sleevi, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Sid Stamm |
| 1:30-2:30 | Discussion: Upgrade from HTTP to HTTPS | Wan-Teh Chang, Ryan Sleevi, Chris Palmer, Brian Smith, Eric Rescorla |
| 2:30-4:30 | Design/Technical Discussions (topics to be decided by NSS Team) | NSS Team and additional Mozilla folks as needed. |
Thursday, August 9
| Day/Time | Meeting Topic | Attendees |
|---|---|---|
| TBD | Wrap-up (if needed) -- complete any discussions that were left open. | NSS Team and additional Mozilla folks as needed. |
| TBD | Design/Technical Discussions (optional) | NSS Team and additional Mozilla folks as needed. |
Potential Design/Technical Discussion Topics
Here's a list of possible items to have design and/or technical discussions about.
- OCSP Stapling
- CA Pinning
- TLS 1.1
- TLS 1.2
- Libpkix enablement for all certs
- OCSP Get
- libssl4
- J-PAKE
- CA:OCSP-HardFail
- Cert Blocklist via Update Ping
- HSTS
Background: Notes from Kai/Dustin Meeting in June
- NSS is a general purpose C crypto/certificate management library used by a number of applications as well as Mozilla (cert8.db and key3.db holds user stored passwords). NSS contains code that interfaces with multiple security devices (PKCS11) - smart cards, hardware tokens, etc. Chrome on Linux uses NSS as well, but use the local crypto toolkit on windows and OS X
- NSPR is a cross platform API wrapper around various operating system specific C interfaces. NSS is based on NSPR in order to be portable to many platforms.
Releases are done with NSPR/NSS at the same time (keep them in sync). They just ask people not to make any changes, then make a tar ball. No binary releases since it's just a library.
Historically, the people who've worked on NSS have been a bit separate from the rest of the project. Members work at RedHat and Google (for example). During the last year, a few more people have volunteered.
There aren't a lot of updates and the NSS team only does code merges every once in a while. They use CVS for VCS since there's little development compared to the rest of the mozilla project, and they don't want to maintain multiple additional branches or learn a new VCS (not enough people resources).
Currently working on TLS 1.1 and hopefully TLS 1.2 in the future. So there are two branches right now (stable and dev).
IT resources:
- Until recently, it has been a long struggle to get resources since Mozilla has moved on to new processes (tinderbox/bonsai, buildbot, VCS, etc). NSS has requirements that are not being met.
- In the past, Sun was providing people to work on QA/testing, but that went away when Oracle bought Sun. Then Redhat took over. Redhat had to figure out how to run the tests (only old versions of the tests were checked in).
- Redhat only has Linux, not Windows or Macs, so they didn't have the ability to test on those architectures.
- About a year and a half ago, Mozilla offered to help as long as the NSS/NSPR team conformed to the rest of releng systems (all or nothing). The NSS group didn't have the resources to make their things compatible and were spending all of their resources trying to pick up the pieces from the Oracle purchase and subsequent ousting from Sun's hardware/QA group.
- NSS/NSPR needed immediate coverage to get testing on other platforms working, but that took a year (when Dustin stepped in, Mozilla provided community VMs)
- Kai wrote wiki pages on how to set up the VMs to run tests after getting access to these VMs, so that situation is better now.
- Kai is working on a list of steps to get from where the team is now to something closer to what Mozilla would like to support (no more CVS, for example), but they need to plan this out, compromise to find what works best for NSS/NSPR team and Mozilla both, and they need help making the transition (again, lack of people resources on their part).
- Dustin had some suggestions on what might work, but these things still need to be hashed out and defined.