NSS and Kernel TLS

[清靈語]

Hello,

Sorry to bother you, but I was wondering what the NSS team's attitude is towards Kernel TLS and whether there are any plans to support it in the future?

Best regards,

wordlesswind

[Dennis Jackson]

Dear wordlesswind,

Kernel TLS isn't something we currently have on our roadmap as it doesn't provide much benefit for the types of client applications we typically consider (e.g. Firefox, Thunderbird and similar). I don't know if it's the kind of feature that the Red Hat folks might be interested in though.

Best,

Dennis

--
You received this message because you are subscribed to the Google Groups "dev-tec...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-cryp...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/6a7a7151-b882-4218-98e0-521bc28f704cn%40mozilla.org.

[Robert Relyea]

On 5/15/23 4:14 AM, Dennis Jackson wrote:

Dear wordlesswind,

Kernel TLS isn't something we currently have on our roadmap as it doesn't provide much benefit for the types of client applications we typically consider (e.g. Firefox, Thunderbird and similar). I don't know if it's the kind of feature that the Red Hat folks might be interested in though.

Best,

Dennis

The kernel crypto is pretty basic and meant to support things that must be encrypted in the kernel itself. There isn't any plan to integrate that with any of our libraries (or much reason to). If there was every an integration point, we would probably do it with a PKCS #11 module (which would transparently replace softoken in NSS, and connect with the PKCS #11 engine in openSSL). Such a plan is currently just a 'hmm what if' and I don't see it materializing any time soon.

bob

On Wed, 3 May 2023 at 09:42, 清靈語 <weplays...@gmail.com> wrote:

Hello,

Sorry to bother you, but I was wondering what the NSS team's attitude is towards Kernel TLS and whether there are any plans to support it in the future?

Best regards,

wordlesswind

--
You received this message because you are subscribed to the Google Groups "dev-tec...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-cryp...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/6a7a7151-b882-4218-98e0-521bc28f704cn%40mozilla.org.

--
You received this message because you are subscribed to the Google Groups "dev-tec...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-cryp...@mozilla.org.

To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/CAON8YFOr2pcQBvWSmJ7KhQEphxj5USCiuEHA-BTaEac5sXb3-Q%40mail.gmail.com.