Open
Bug 290029
Opened 20 years ago
Updated 3 years ago
TLS Extensions (RFC3546) and OpenPGP public key authentication (Internet-Draft)
Categories
(NSS :: Libraries, enhancement, P4)
NSS
Libraries
Tracking
(Not tracked)
NEW
People
(Reporter: brogon.nospam, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050309 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050309 Firefox/1.0.1
I'm trying to implement the TLS Extensions in the SSL subtree in order to be
able to integrate OpenPGP authentication as replacement for the usual X.509
authentication scheme (sse http://www.gnutls.org/ for reference implementation
and further information).
Reproducible: Always
Steps to Reproduce:
|
||
Updated•20 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Updated•20 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
|
|
||
Updated•20 years ago
|
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
|
|
||
Updated•19 years ago
|
Priority: -- → P4
|
|
||
Comment 1•17 years ago
|
||
OpenPGP public key authentication now known as rfc5081 (for the benefit of searchers)
|
|
||
Comment 2•15 years ago
|
||
What is the progress on this?
A web-of-trust compliment to CA-roots as well as a working Kerberos TLS (apparently broken in rfc 2712) to compete with IE on intranet's would be great.
I guess, by just browsing some code, the current infrastructure is not capable of sharing this alongside NSS for starters. A hook to allow some kind of hand-over to a plugin is perhaps a good start? Or should the code go in NSS and be configured to be used via a plugin? ...
|
|
||
Comment 3•15 years ago
|
||
s/compliment/complement/
|
|
||
Comment 4•15 years ago
|
||
This RFE began as an individual's announcement that he was developing an
enhancement to NSS for this feature set. Since then, no records of any
progress have been added to this RFE.
The "core" developers of NSS presently have no plans to implement this.
Even if such a feature set was developed and added to NSS, that is no
assurance that Mozilla would incorporate it into their products, e.g. Firefox.
Before anyone decides to spend time on this project, I'd suggest they read
Mozilla's CA policy.
http://www.mozilla.org/projects/security/certs/policy/
Although it is written specifically for CAs, it does reveal Mozilla's motivations and decision bases. It would give you some ideas of what any
new alternative-to-PKI would have to accomplish to be acceptable to Mozilla.
Then I suggest you discuss it in Mozilla's discussion group for topics like this. It is available as a newsgroup and as a mailing list. The name is mozilla.dev.security.policy or dev-security-policy@lists.mozilla.org.
|
|
||
Comment 5•14 years ago
|
||
Meanwhile RFC 6091 was released and with mod_gnutls exists a usable implementation for testing purposes.
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•