Mozilla/Redhat NSS minutes 2023-04-05

19 views
Skip to first unread message

Robert Relyea

unread,
Apr 5, 2023, 12:57:10 PM4/5/23
to mozilla's crypto code discussion list

Apr 5, 2023 | NSS Red Hat/Mozilla Meeting

Attendees: anna....@mozilla.com Alexander Sosedkin Benjamin Beurdouche ckersc...@mozilla.com Dennis Jackson dke...@mozilla.com Frantisek Krenzelok Hubert Kario John Schanck Simo Sorce Robert Relyea



Potential Agenda Items:

  • Overview of major projects, e.g. PQ crypto integrations,

    • Right Mozilla has a contributor who is working on a hybrid kyber/x25519 and it should land soon.

    • Going forward, we’d take individual versions.

      • Sourcing formally verified versions

      • Kyber implementation from libjade for x86-64 nearly ready to merge

  • RedHat interested in having upstreams (OpenSSL , GnuTLS(Nettle?), NSS, libgcrypt) converge on a single implementation, maybe liboqs. Envisions formally verified versions being pushed to liboqs.

  • John will contact liboqs, see if they can commit to supporting NSS like the currently OpenSSL.

  • Release management: review our processes for ensuring timely reviews, landing patches, tracking bugs that need a fix in a particular version, backporting to ESR, etc.

  • Ongoing CI issues,

    • ASAN looks like permission issues

    • ARM looks like an environmental issue. Don’t know if we can get treeherder person to look at this.

    • We have control over our dockerfiles, but not expertise.

    • Can we enumerate supported compilers and platforms somewhere?

  • Discussion on the use of Rust in NSS, 

    • e.g. moving Mozilla's new ckbi implementation to the NSS repo [1]

    •  developing a safe and idiomatic rust wrapper [2], providing rust bindings through an "nss-sys" crate.

    • New versions of NSS are still integrated into RHEL 7.

    • What version of rust would we be able to use?

      • Match minimum supported rust version from Firefox ESR?

  • RSA side channel mitigation.

    • Still working integrating RSA-PSS from HACL*

    • Hubert intends to disclose in a research paper / presentation.

  • ICMC 2023



[1] https://searchfox.org/mozilla-central/source/security/manager/ssl/builtins

[2] https://github.com/mozilla/nss-gk-api

Reply all
Reply to author
Forward
0 new messages