Attendees: anna....@mozilla.com, Alexander Sosedkin, Benjamin Beurdouche, ckersc...@mozilla.com, Dennis Jackson, dke...@mozilla.com, Frantisek Krenzelok, Hubert Kario, John Schanck, Simo Sorce, Robert Relyea
Potential Agenda Items:
Overview of major projects, e.g. PQ crypto integrations
Right now Mozilla has a contributor who is working on a hybrid Kyber/x25519 and it should land soon.
Going forward, we’d take individual versions.
Sourcing formally verified versions
Kyber implementation from libjade for x86-64 nearly ready to merge
Red Hat is interested in having upstreams (OpenSSL, GnuTLS (Nettle?), NSS, libgcrypt) converge on a single implementation, maybe liboqs. Envisions formally verified versions being pushed to liboqs.
John will contact liboqs to see if they can commit to supporting NSS as they currently do OpenSSL.
Release management: review our processes for ensuring timely reviews, landing patches, tracking bugs that need a fix in a particular version, backporting to ESR, etc.
Avoid using #nss-reviewers for our patches?
Ongoing CI issues
ASAN looks like permission issues.
ARM looks like an environmental issue. Don’t know if we can get a Treeherder person to look at this.
We have control over our dockerfiles, but not expertise.
Can we enumerate supported compilers and platforms somewhere?
Discussion on the use of Rust in NSS
e.g. moving Mozilla's new ckbi implementation to the NSS repo [1]
developing a safe and idiomatic Rust wrapper [2], providing Rust bindings through an "nss-sys" crate.
New versions of NSS are still integrated into RHEL 7.
What version of Rust would we be able to use?
Match the minimum supported Rust version from Firefox ESR?
RSA side channel mitigation.
Still working on integrating RSA-PSS from HACL*
Hubert intends to disclose in a research paper / presentation.
ICMC 2023
Talk proposals deadline is today
[1] https://searchfox.org/mozilla-central/source/security/manager/ssl/builtins