CryptoInClientsSummit2006
From MozillaWiki
Session Title
Crypto in Clients: Trends, Plans, Demos
Session Leader
Bob Lord, Tim Riley
Summary
Bob Lord and members of his security community present trends, plans and demos. This session will emphasize interactive discussion and Q&A.
Agenda
- Overview of Trends
- Plans from the security community
Interested Attendees
Please add your name here if you're likely to attend this session; this will help prioritize sessions and minimize conflicts.
- dolske
- beltzner
- Frank Hecker
- timeless
- robcee
- Nelson Bolyard
- Wan-Teh Chang
Meeting Notes
11/15/06
ECC keys
- stronger than equivalent next higher RSA key
- 512 ECC is stronger than 1024 RSA key
- ECC faster to process
- Recommendation is to not encrypt with 1K RSA key in 4-5 years
- 2048 CA keys are common now
TLS 1.2
- Goal: Crypto agility - no hard coded algorithms
- Currently hardcoded to use SHA-1 and Suite B
- Will this be 312? Not sure [dveditz]
FIPS 140-2
- Hardware or software encryption
- Also a Canadian standard
- Last NSS validation (version 3.2) was in Netscape 6.2
- New validation for NSS 3.11
- takes 3 months for validation
- Want to get 3.11 into 2.0.0.1
- 1.8 branch is already 3.11.3 (FF 2)
- Plan to go to 3.11.4 for 2.0.0.1
- FF1.5 has NSS 3.10.2 (roughly)
- FIPS 5 is the numeric code for states
- New things in Version 2 (140-2):
  - New requirements for strength of passwords
  - Auditing events in crypto module
- Same set of user keys
- To get new key:
  - Get key from FFx
  - Copy it off web page
  - Copy into TBird
- Cannot directly access same key by both FFx and TBird
- Gov requirement to limit access to keys by different apps
- Tried Sleepycat
- Tried RDB for SQLite
LibPKIX
- Path validation standard
- Path Discovery
- OID - Object Identifier
- If you get a message from the FBI, was it really the FBI?