Open Bug 340044 Opened 18 years ago Updated 1 year ago

Implement TLS server side of "fixed_ECDH" client auth methods

Tracking

(Not tracked)

Status:

NEW

People

(Reporter: nelson, Unassigned)

References

(
URL
)

Details

Nelson Bolyard (seldom reads bugmail)

Reporter

Description

•

18 years ago

RFC 4492 (ECC in TLS) defines 3 methods for client authentication.
NSS presently implements only the first one: ECDSA_sign 
which is most like the client auth method used with RSA certs.

This RFE asks for NSS to implement the other two, 
          ECDSA_fixed_ECDH      
          RSA_fixed_ECDH    
on the server side, so that an NSS server can ask a remote TLS client 
to authenticate with these methods instead of, or in addition to, the
ECDSA_sign.

Nelson Bolyard (seldom reads bugmail)

Reporter

Comment 1

•

18 years ago

Note that presently, NSS servers configured to request client auth for ECC
will always request the method ECDSA_sign, and all the desktop ECC TLS 
clients are believed to implement this method.

Nelson Bolyard (seldom reads bugmail)

Reporter

Updated

•

18 years ago

Priority: -- → P3

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

Comment hidden (spam)

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Implement TLS server side of "fixed_ECDH" client auth methods

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

People

(Reporter: nelson, Unassigned)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Updated

Comment 2