All,
We have been working on a new certificate verification library for
Gecko, and would greatly appreciate it if you will test this new library
and review the new code.
Background
NSS currently has two code paths for doing certificate verification.
"Classic" verification has been used for verification of non-EV
certificates, and libPKIX has been used for verification of EV
certificates.
As many of you are aware, the NSS team has wanted to replace the
"classic" verification with libPKIX for a long time. However, the
current libPKIX code was auto-translated from Java to C, and has proven
to be very difficult to maintain and use. Therefore, Mozilla has created
a new certificate verification library called mozilla::pkix.
Request for Testing
Replacing the certificate verification library can only be done after
gaining sufficient confidence in the new code by having as many people
and organizations test it as possible.
We ask that all of you help us test this new library as described here:
https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Request_for_Testing
Testing Window: The mozilla::pkix certificate verification library is
available for testing now in Nightly Firefox builds. We ask that you
test as soon as possible, and that you complete your testing before
Firefox 31 exits the Aurora branch in June.
(See https://wiki.mozilla.org/RapidRelease/Calendar)
Request for Code Review
The more people who code review the new code, the better. So we ask all
of you C++ programmers out there to review the code and let us know if
you see any potential issues.
https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Request_for_Code_Review
We look forward to your help in testing and reviewing this new
certificate verification library.
Mozilla Security Engineering Team
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
