Re: Current algorithm support for Firefox?
On Tue, Mar 10, 2009 at 7:41 PM, Kyle Hamilton wrote: > "Note: Some technologies listed here are not currently implemented, > but are planned for implementation in an upcoming release." > > Are all of these actually implemented in the latest 3.11 release? This document was used for product export control filing. For that purpose, it is fine to declare more than what NSS actually has, hence the note. That document is quite accurate for NSS 3.11.x. The only exceptions I noticed are: 1. In Firefox, only three elliptic curves are supported (NIST P-256, P-384, and P-521 curves). 2. The obsolete FORTEZZA SSL cipher suites have been removed. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Current algorithm support for Firefox?
On Wed, Mar 11, 2009 at 3:35 PM, Jean-Marc Desperrier wrote: > > Are you thinking about adding support for the SHA256 based cipher-suites > from RFC5246 ? I really think SHA-2 support in TLS should be high priority, > the more given that it's little work to implement. I'm interested in seeing TLS 1.2 implemented in NSS, but it's not as little work as you said. We may also need to implement TLS 1.1 at the same time because TLS doesn't have a way to for a client to announce that it supports TLS 1.2 and 1.0, but not 1.1. SHA-1 in TLS 1.0 is used in two places: - In conjunction with MD5 in the PRF - in HMAC-SHA-1 > PS : You seem to be missing reference to the updated version of TLS > standard/algorithms in the links down the page, even those you do implement. We only implemented TLS 1.0 (RFC 2246). We haven't implemented TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246). Are you referring to the RFCs that specify the AES and ECC cipher suites for TLS? Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Microsec Root Inclusion Request Round 2
Are there still questions that need to be addressed in this public discussion phase? Or shall I move forward with making the recommendation to approve this request? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Certigna Root Inclusion Request Round 2
Certigna met our request to post and translate the relevant portions of their CPS. There has been very little resulting discussion. Are there still questions that need to be addressed in this public discussion phase? Or shall I move forward with making the recommendation to approve this request? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Microsec Root Inclusion Request Round 2
On 03/13/2009 07:29 PM, Kathleen Wilson: Are there still questions that need to be addressed in this public discussion phase? Or shall I move forward with making the recommendation to approve this request? I have once again reviewed the letter of confirmation from the National Communications Authority and Microsec has demonstrated compliance to ETSI's requirements according to the letter. In my option there are no outstanding questions and I want to thank István for his very positive cooperation! -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Certigna Root Inclusion Request Round 2
On 03/13/2009 07:34 PM, Kathleen Wilson: Certigna met our request to post and translate the relevant portions of their CPS. There has been very little resulting discussion. Are there still questions that need to be addressed in this public discussion phase? Or shall I move forward with making the recommendation to approve this request? The internal document for code signing should have been made part of the CP/CPS. Apart from that I've not seen anything of concern. Unfortunately my knowledge in the French language is not sufficient enough in order to understand the CPS. Preferable we should be able to review (and understand) the CPS in its entirety, however I don't feel this to be a reason at this stage to question their inclusion after they complied to our requests from the first round. -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Microsec Root Inclusion Request Round 2
I note no outstanding issues, and recommend approval. I'd like to see a photo of how the security tape is wound through the paper translation, but that's just a matter of personal curiosity. :) -Kyle H On Fri, Mar 13, 2009 at 10:29 AM, Kathleen Wilson wrote: > Are there still questions that need to be addressed in this public > discussion phase? Or shall I move forward with making the > recommendation to approve this request? > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
