Jay Potter wrote: > Hi, I'm new to NSS. I'm involved with a project that uses Pre-Shared > Keys for TLS - AES-256. (RFC 4279). I get the key from an external > module (both Client and Server). This implementation would be perfect > for my application. I would like to see Mozilla handle this cipher set. > Any suggestions on what I would need to do to get this implimented?
Jay, please tell us more about getting the PSK from an external module. When the PSK proposal was put forth to the TLS WG, the vision given for PSKs was that of passwords, pins, or other keys known to humans. This caused many TLS implementors to roll their eyes, and regard the PSK idea as being on far less secure than the mechanisms normally used with TLS. But if the PSK comes from an external module, and is not "static", then perhaps it is worthy of more consideration. So, please share with us info about this module, and how it would communicate with the application (electronically? eyeballs and fingers?) What (if any) User Interface impact would this have on a browser? (I think the right answer, BTW, is "none", because the communication with the module would be all electronic, not involving user participation.) -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
