Implement TLS server side of "fixed_ECDH" client auth methods

NEW
Unassigned

Status

NSS
Libraries
P3
normal
12 years ago
8 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

RFC 4492 (ECC in TLS) defines 3 methods for client authentication.
NSS presently implements only the first one: ECDSA_sign 
which is most like the client auth method used with RSA certs.

This RFE asks for NSS to implement the other two, 
          ECDSA_fixed_ECDH      
          RSA_fixed_ECDH    
on the server side, so that an NSS server can ask a remote TLS client 
to authenticate with these methods instead of, or in addition to, the
ECDSA_sign.
(Reporter)

Comment 1

12 years ago
Note that presently, NSS servers configured to request client auth for ECC
will always request the method ECDSA_sign, and all the desktop ECC TLS 
clients are believed to implement this method.  
(Reporter)

Updated

12 years ago
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.