NSS:BurnDownList
All priorities and text are subject to discussion and change.
Bugs
NSS Bugzilla Bugs
Click here for a Wiki page showing useful information about NSS Bugzilla Bugs.
Here are direct Bugzilla queries regarding NSS bugs:
- Critical or Blocking Bugs -- New or Unconfirmed
- Critical or Blocking Bugs -- Assigned and Open
- P1 Bugs -- New or Unconfirmed
- P1 Bugs -- Assigned and Open
PSM Bugzilla Bugs
Wiki pages showing useful information about PSM Bugzilla Bugs.
Here are direct Bugzilla queries regarding PSM bugs:
- Critical or Blocking Bugs -- New or Unconfirmed
- Critical or Blocking Bugs -- Assigned and Open
- P1 Bugs -- New or Unconfirmed
- P1 Bugs -- Assigned and Open
SSL Burn Down List
The intent of the following tables is to list items that require significant work and/or coordination, need to be discussed and/or communicated to a larger forum, have significant impact, or are of interest to many of the participants or users.
Priorities are as follows:
- P1 - Must fix immediately, because it's a bad regression.
- P2 - We need this immediately for improving security; everyone is waiting for us.
- P3 - We really should do this, because it's a great security improvement.
- P4 - Less important than P3.
- P5 - Less important than P4.
Priorities are relative, so a bug that is P3 may move up in priority when a much needed P1 or P2 enhancement has been completed. Also, priorities may be changed based on need and circumstance.
Note that the "Pr" column is overloaded to show both the priority and whether the change impacts NSS, PSM, or both.
Priorities marked with an asterisk indicate that they are on Mozilla's Security or Privacy Roadmaps.
Completed
Completed -- Lists completed items that were tracked in this SSL Burn Down List page.
In Progress
Actively being worked on by an engineer, or ready to be picked up in a release.
Pr | Enhancement | Related Bugs | Dependencies | Level of Effort | Status | Notes |
---|---|---|---|---|---|---|
P2 NSS | Move existing NSS tests to Mozilla-supported hardware | bug 648676, bug 799855 | Need Mozilla Release Eng to spin up new boxes for NSS tests. | Need Buildbot from Mozilla | VMs received for Mac and Linux. Still need VMs for Windows and Mac64. | |
P2 NSS | Enable libpkix for all certificates | bug 651246 | see dependency list in bug | Remaining issues - see bug 699874, bug 775827 | Need to be careful when rolling this out in releases, and avoid changing too many variables at once. (e.g. CRL downloading, AIA fetching, OCSP checking of intermediates) | |
P2* NSS PSM | Disallow weak RSA keys | bug 360126, bug 134735, bug 623265, bug 622859 | libpkix, bug 790809 | TBD | | |
P2 NSS | Memory Leak Testing on Mozilla VM | This is important to avoid regressions in the NSS software component. In moving to libpkix we will need to make sure our testing is as complete as possible so that we don't regress anything when we fix bugs requiring tricky changes to libpkix. Our current automated NSS testing may be insufficient, because a lot of configuration was hidden on computers run by Sun/Oracle. | ||||
P3 NSS, PSM | Name Constraints Support | NSS: bug 757857, bug 757854, PSM: bug 757832 | In Progress - Kai | Mozilla Policy is being updated to require externally-operated subCAs to include Name Constraints when they are not audited. | ||
P3 NSS | Enhance documentation and example code | bug 912360 | Make it easier to get started with NSS, to encourage adoption. | |||
P4* NSS PSM | CA pinning | bug 744204 | libpkix as default - bug 651246, centralization of cert verification -- bug 813418 | In Progress - Camilo Viecco - Land enabled built-in pins in Q3. Land host based pins in Q4 | Mozilla P1. Key Pinning is a mechanism by which site owners can specify a set of keys (actually fingerprints of the keys) such that in the next connection to the site, the set of keys in the certificate chain MUST intersect with the set of keys 'pinned' in the browser. | |
Ready for Implementation
Defined, Prioritized, and Ready for an engineer to grab.
Pr | Enhancement | Related Bugs | Dependencies | Level of Effort | Status | Notes |
---|---|---|---|---|---|---|
P3 NSS | Enforce nested EKU constraints | bug 725351 | Mozilla Policy requires externally-operated subCAs certs to include EKU when they are not audited. This enforcement of EKU exists in the old NSS code, but it needs to be added to the libpkix code. | |||
P3 NSS | Isolate NSS Tests | bug 764978 | see bug | see bug | big, but can be done in phases | Change NSS testing to not require any connections to the outside world |
P3 NSS | Make a test suite that only depends on a downloaded packaged NSS build | bug 764979 | Change NSS testing to separate building and testing | |||
P3 PSM | Better distinction in Certificate Manager between DIStrusted certs and trusted certs | bug 733716 | Certificate Manager now shows DIStrusted certs, but there is no indication to distinguish them from trusted certs. | |||
P3? PSM? | Show current system time on cert-expired/not-yet-valid error page | bug 783757 | ||||
Needs Definition / Prioritization
Needs further definition, discussion, design, or prioritization before an engineer can implement it.
Pr | Enhancement | Related Bugs | Dependencies | Level of Effort | Status | Notes |
---|---|---|---|---|---|---|
P? NSS PSM | Enforce Baseline Requirements | Consider enforcing via code the following BR requirements: | ||||
P2 NSS | Limit information included in patches to distrust certs | bug 826640 | addbuiltin -D should not disclose more information than necessary to distrust the affected cert | |||
P2 NSS PSM | Switch Firefox to sqlite shared DB | Big | NSS needs to move off of the unsupported DB. The current DB has many known issues that could lead to memory corruption. It is a ticking time bomb. Migration to the new DB is a big migration effort. Most of the work at the NSS level is done. From the user perspective this will provide ability to share certs between applications. However, the biggest reason for doing this is to avoid an emergency when the current DB fails and becomes corrupted. | |||
P2 NSS? PSM? | OCSP Caching | bug 775376 | TBD | This will likely block fetching of intermediate OCSP responses. There is a bug on file for this, but it is in the NSS component. Probably, we should implement this caching in PSM, because we should reserve the cert.db for things the user has explicitly added/removed. | ||
P2 NSS? PSM? | Caching of certificate validation results in memory | TBD | This will need to be done as part of doing certificate validation for items fetched from the HTTP cache, to avoid regressing performance. | |||
P2 NSS | Check Revocation of Intermediate Certs | bug 155481 | Caching | TBD | CAs should be able to revoke intermediate certs and have all certs under that subCA no longer trusted, without having to add the cert to Mozilla's Distrust list. Concerns: will cause performance regression; will require significant work to reduce the performance impact. This would require approval from release-drivers due to performance regression. We should not block switching to libpkix by default on this, so we should disable intermediate OCSP fetching for non-EV certs in libpkix first, and then use this bug to track re-enabling it in a way that doesn't regress performance. | |
P3 PSM | Implement extension point for extensions to influence trust decisions in PSM | bug 644640 | Some outside contributors are willing to write the code? | Other projects are blocked on this, and this is a leverage effect to enable research of future improvements to web trust. Mozilla is feeling a lot of pressure to implement. | ||
P3* NSS PSM | Rapid blocklist of certs via a push mechanism or update ping | bug 647868 | Mozilla P2. | |||
P3 NSS | Stop caching intermediate certificates on disk | This is especially problematic in our code that uses classic cert validation, but Google found that it was even problematic when using libpkix. (We need to talk to Ryan, Wan-Teh, and Adam Langley to find out why.) | ||||
P4 PSM | Remove PSM's assertion about run-by and WebSite Owner for non-EV | bug 740571#c10 | ||||
P4 PSM | Enforce EV requirements in code | bug 585122, bug 470926 | OCSP Stapling | TBD | e.g. Don't provide EV when cert doesn't have AIA OCSP URI. Enforce things like subject naming, maximum validity period, minimum key sizes and required extensions. Kathleen to communicate to CAs that they must revoke all EV SSL certs that don't meet the technical requirements of our program and EV. | |
P4 PSM | Improve error behaviour for expired certs (know the correct time) | bug 712612 | Fairly small | We should store the real time and warn a user if their clock is wrong. Shouldn't be done by a core NSS/PSM developer. Could be assigned to someone who wants to join NSS/PSM as a starting project. | ||
P4 NSS? PSM | Date-based root revocation | bug 712615, bug 643982 | This means that any certs issued in the hierarchy before date X will continue to be trusted, but any certs issued on or after date X will not be trusted. This would allow us to revoke a root cert without breaking the web. Good idea, but complicated to get done using general code. Let's get dynamic revocation checking improved first. We can handle this on a case-by-case basis during emergencies. | |||
P4 NSS | OCSP multi-stapling | bug 611836 | TBD | |||
P5 NSS | Migrate NSS tests into Mozilla's current continuous build system | Probably means moving source code from CVS to Mercurial | This is probably a lot of work. NSS engineers should rather focus on security improvements. The NSS project has tinderboxes mostly maintained by Red Hat. Mozilla's continuous build system has moved to Buildbot. | |||
P5 PSM | Certificate Viewer should show SHA1 and SHA256 Fingerprints | bug 622332 | TBD | TBD | Currently it shows SHA1 and MD5. Very simple bug. Find a person understanding Mozilla's general UI code (XUL) who drives it. If help is needed from the NSS team to deliver this information, it can be easily done on the side. | |
P5 NSS | CAA, a.k.a. Do Not Issue | None yet | TBD | Remove from list? | Need to see whether we can do client-side checks for this. First, there would need to be a general commitment in the web that this will be used as a near term standard by most. | |
P5 NSS? PSM? | DANE | None yet | TBD | Nice to have, but doesn't solve all the problems, and there is no commitment that a majority will use it. | ||
Wish List
Needs to be considered in planning and/or included in the prioritizing table above.
From Brian:
Pr | Enhancement | Notes |
---|---|---|
P2 NSS | SPDY -- make SSL faster so more sites can use it more often, which is good for security, and it requires NPN and perhaps other changes to libssl. | Mozilla requirement |
P3 NSS | performance improvements -- performance issues result in the likes of bug 713503#c37 that propose bypassing the networking and security stack completely. | |
P3 NSS | False Start -- make SSL faster so more web sites can use it more often, which is good for security, and requires work with or on libssl. | Mozilla is demanding it, performance is important. But the current False Start "spec" needs work. Brian to provide feedback to Google about it |
P5 NSS+Gecko | Origin-bound-cookies -- security-enhancing feature that requires changes to libssl | Google is implementing the NSS part. We should review and provide feedback on the spec. |
P5 NSS+Gecko | Channel-bound-cookies |
From Kathleen (many of these are collected from others):
Pr | Enhancement | Notes |
---|---|---|
P? NSS | Add code to NSS to watch for certs being used in MITM, and if any are detected in the wild, automatically store and forward the entire chain as proof to Mozilla, EFF's SSL Observatory, and other public CA auditing projects. If any such cert is found to have been issued, the CA that issued it would be summarily removed from the list of trusted roots. Identifying such 'rogue' sub-CA certs could be easily done with a small whitelist of the hashes of the CA's internal use sub-CAs. No new protocol needed. | |
P? PSM | Improve user experience in paid-for internet connections. Before you can pay, you often cannot contact an OCSP server yet (bug 340548), which results in a security error on the payment page. OCSP stapling and overrides could help. | Implement browser user interface that allows users a temporary, short-lived override (proceed anyway). |
P? NSS? | Persistent OCSP cache on disk. Some MITM attacks are only temporary, and if we cached revocation information on disk, the browser would be prepared for a later MITM attack involving the known revoked certificate. | |
P? | bug 508633 -- OCSP timeout should not kill page load. | |
P? | bug 672127 -- Cached OCSP response should not be deleted unless/until replacement is fully constructed. | |
P3 PSM UI Necko FF Server-Evangelism | HARD FAIL connections without an explicit revocation response, and/or enforce OCSP by default (FF->Preferences->Advanced->Encryption->Validation-> "When an OCSP server connection fails, treat the certificate as invalid" should be checked by default). Before this will be possible, need: | Blocked on bug 562917 and other issues. We should seriously consider alternate certificate trust mechanisms before doing any work here. A lot of problems need to be solved before this change can be made. |
P4 NSS | Currently EV treatment will not be given unless OCSP works for both the end-entity certs and the intermediate certs. BR 13.2.2: Effective 1 January 2013, the CA SHALL support an OCSP capability using the GET method for Certificates issued in accordance with these Requirements. | Solved by having libPKIX by default? |
P5 NSS | Regular/Automated testing of OCSP services for roots included in NSS | No C/C++ coding necessary, find a non-NSS person to help us with it. Bash scripting skills might be sufficient. |
P5 NSS | Respect name constraints even in the root cert. I believe name constraints are currently enforced in both the old library and also now in libPKIX, but I don't think the code checks for name constraints in the root cert. | Let's re-evaluate after we have libPKIX by default. |
P5 NSS | bug 394919#c48: This patch updates the libpkix code to use the new CERT_GetConstrainedCertificateNames function. | |
P5 NSS | bug 552346: Stop honoring DNS names found in subject common names in CERT_VerifyCertName | |
P5 NSS | Evaluate proposals to update OCSP. | |
Listed elsewhere:
- Bugs grouped by importance and functional areas: https://wiki.mozilla.org/PSM:Topics
- https://wiki.mozilla.org/NSS:Roadmap#Capture_from_NSS_3.12_planning
  - LibPKIX features
    - Non-blocking cert verification
    - CRL Fetching using CRLDP extensions
  - SSL enhancements
    - Server side SNI
    - Server side DHE
    - Support single use keys
  - Tool Improvements
    - pkcs 7 cert packager
    - better diagnostics for pk12util
    - rationalized option names
    - localization of tools
  - ECC for S/MIME
  - LibPKIX features
- https://wiki.mozilla.org/NSS:Roadmap#Proposals_for_NSS_3.13
  - Add PKCS#11 PEM Reader, bug 402712
  - Create brand new NSS samples, bug 490238
  - Remove function definitions from pk11pars.h, bug 466042