Closed
Bug 307210
Opened 19 years ago
Closed 16 years ago
Add support for SEED (RFC 4010)
Categories
(NSS :: Libraries, enhancement, P5)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 453234
People
(Reporter: andrejohn.mas, Unassigned)
References
Details
(Keywords: helpwanted)
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 SEED is a Korean developed 128-bit encryption mechanism. Having been developed outside the US it should be useable internationally, ie it should not be affected by US export restrictions. RFC 4010 covers this encryption algorithm. For this reason it would be good to have NSS support this natively. Reproducible: Always
Comment 1•19 years ago
|
||
The title of RFC 4010 is "Use of the SEED Encryption Algorithm in Cryptographic Message Syntax (CMS)." See http://www.ietf.org/rfc/rfc4010.txt.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•19 years ago
|
||
US export restrictions have nothing to do with the algorithm's country of origin.
Reporter | ||
Comment 3•19 years ago
|
||
Sorry, the right RFC is 4009: http://www.isi.edu/in-notes/rfc4009.txt
Comment 4•19 years ago
|
||
Our built-in software crypto module (the softokn3 shared library/DLL) only implements algorithms that are either approved by the US National Institute of Standards and Technology (NIST) or are commonly used internationally. Since NSS supports a plug-in architecture for third-party crypto modules, you can implement SEED in a PKCS #11 module (i.e., Cryptoki library) and configure NSS to use it for SEED. To do this, you need to first get new PKCS #11 "mechanisms" defined for SEED. You can do that by sending a proposal to the cryptoki@rsasecurity.com mailing list. The web page http://www.rsasecurity.com/rsalabs/node.asp?id=2143 has the instructions for subscribing to the cryptoki mailing list.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WONTFIX
Target Milestone: --- → 3.11
For what it's worth, the current SEED RFCs are: ftp://ftp.rfc-editor.org/in-notes/rfc4269.txt The SEED Encryption Algorithm ftp://ftp.rfc-editor.org/in-notes/rfc4162.txt Addition of SEED Cipher Suites to Transport Layer Security (TLS) ftp://ftp.rfc-editor.org/in-notes/rfc4196.txt The SEED Cipher Algorithm and Its Use with IPsec ftp://ftp.rfc-editor.org/in-notes/rfc4010.txt Use of the SEED Encryption Algorithm in Cryptographic Message Syntax (CMS) (In reply to comment #4) > Our built-in software crypto module (the softokn3 shared library/DLL) > only implements algorithms that are either approved by the US National > Institute of Standards and Technology (NIST) or are commonly used > internationally. Does "commonly used internationally" include something that's the primary algorithm used in one country (South Korea, in this case)? See http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s for some more details on the situation in South Korea.
Comment 6•17 years ago
|
||
David, Please look at bug 361025 and the patches attached thereto. The nation of Japan has done something similar to what the nation of South Korea has done, defined their own cipher (named "Camellia") and TLS cipher suites that use their ciphers. Some developers in Japan did an excellent job of it. They not only got RFCs published, but they also went to the PKCS#11 working group and defined new PKCS#11 "mechanisms" for their ciphers. Finally they contributed a patch to NSS that implements the cipher in freebl, implements the new PKCS#11 mechanisms in softoken, implemented the new TLS cipher suites in libSSL, and implemented tests for their cipher suites in NSS's QA test scripts. In other words, they did a complete and thorough job. (I wish we could get them to come work on NSS full time!) If some Koreans wanted to do a similarly complete job for SEED as the Japanese have done for Camellia, and contribute a patch to NSS as the Japanese have done, I think we'd take it, just as we are taking the Japanese contribution for NSS 3.12. But so far, this SEED RFE is asking the NSS team to do all the work, and no one has volunteered to contribute anything. The NSS team's sponsors aren't interested in SEED. That's why it's marked WONTFIX. But like I said, if someone contributes an implementation that is as thorough and good as the Japanese Camellia contribution, I believe we'd take it.
(In reply to comment #6) > But so far, this SEED RFE is asking the NSS team to do all the work, > and no one has volunteered to contribute anything. The NSS team's > sponsors aren't interested in SEED. That's why it's marked WONTFIX. > > But like I said, if someone contributes an implementation that is as > thorough and good as the Japanese Camellia contribution, I believe > we'd take it. That summary seems perfectly reasonable to me, except I'm not sure the WONTFIX status reflects it accurately. General usage of WONTFIX in other mozilla.org products is that it means that a fix would not be accepted. (What you described sounds like the "helpwanted" keyword.) That said, even the WONTFIX status seems reasonable given that it can be done as an extension. I just thought I'd point out what I knew about the issues that wasn't reflected in the bug report already.
Updated•17 years ago
|
Status: RESOLVED → REOPENED
Keywords: helpwanted
Priority: -- → P5
Resolution: WONTFIX → ---
Target Milestone: 3.11 → ---
Version: unspecified → 3.10
Updated•17 years ago
|
Assignee: wtchang → nobody
Status: REOPENED → NEW
QA Contact: jason.m.reid → libraries
Comment 8•16 years ago
|
||
patch contributed in bug 453234
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 19 years ago → 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•