Closed Bug 340043 Opened 19 years ago Closed 9 years ago

Implement "fixed_ECDH" TLS client auth methods on client side

Categories

(NSS :: Libraries, enhancement, P4)

Product:
NSS
Component:
Libraries
Version:
3.11.1
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: nelson, Unassigned)

References

(
URL
)

Details

RFC 4492 (ECC in TLS) defines 3 methods for client authentication. NSS presently implements only the first one: ECDSA_sign which is most like the client auth method used with RSA certs. This RFE asks for NSS to implement the other two, ECDSA_fixed_ECDH RSA_fixed_ECDH on the client side, so that an NSS client can use these methods with a server that requests them.
Priority: -- → P4
This is something that I hope to discuss at one of the upcoming NSS meetings. I am going to argue that Firefox should NOT implement support for fixed DH or fixed ECDH client certificates. Avoiding these cipher suites will enable some more bypass-mode-like optimizations that I'm considering for Firefox to solve a variety of issues affecting Firefox.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.