Apr 5, 2023| NSS Red Hat/Mozilla Meeting
<https://www.google.com/calendar/event?eid=MnZscXJjZXM4cTF1bzJrMjVhYXA0N2EzZWsgcmVkaGF0LmNvbV8xODhiNmlqNDJwdTRlZ2I3amphMXBmbDVybzRwZ0ByZXNvdXJjZS5jYWxlbmRhci5nb29nbGUuY29t>
Attendees:
anna.we...@mozilla.com
Alexander Sosedkin <asosed...@redhat.com>
Benjamin Beurdouche <bbeurdou...@mozilla.com>
ckerschbau...@mozilla.com
Dennis Jackson <djack...@mozilla.com>
dkee...@mozilla.com
Frantisek Krenzelok <fkren...@redhat.com>
Hubert Kario <hka...@redhat.com>
John Schanck <jscha...@mozilla.com>
Simo Sorce <s...@redhat.com>
Robert Relyea <rrel...@redhat.com>
Potential Agenda Items:
* Overview of major projects, e.g. PQ crypto integrations,
  o Right Mozilla has a contributor who is working on a hybrid
    kyber/x25519 and it should land soon.
  o Going forward, we’d take individual versions.
    + Sourcing formally verified versions
    + Kyber implementation from libjade for x86-64 nearly ready to
      merge
* Red Hat interested in having upstreams (OpenSSL, GnuTLS (Nettle?),
  NSS, libgcrypt) converge on a single implementation, maybe liboqs.
  Envisions formally verified versions being pushed to liboqs.
* John will contact liboqs, see if they can commit to supporting NSS
  like they currently do OpenSSL.
* Release management: review our processes for ensuring timely
  reviews, landing patches, tracking bugs that need a fix in a
  particular version, backporting to ESR, etc.
  o Meta bug for Firefox uplifts
    <https://bugzilla.mozilla.org/show_bug.cgi?id=1816499>
  o Avoid using #nss-reviewers for our patches?
* Ongoing CI issues,
  o ASAN looks like permission issues
  o ARM looks like an environmental issue. Don’t know if we can get
    treeherder person to look at this.
  o We have control over our dockerfiles, but not expertise.
  o Can we enumerate supported compilers and platforms somewhere?
* Discussion on the use of Rust in NSS,
  o e.g. moving Mozilla's new ckbi implementation to the NSS repo [1]
  o developing a safe and idiomatic Rust wrapper [2], providing
    Rust bindings through an "nss-sys" crate.
  o New versions of NSS are still integrated into RHEL 7.
  o What version of Rust would we be able to use?
    + Match minimum supported Rust version from Firefox ESR?
* RSA side channel mitigation.
  o Still working on integrating RSA-PSS from HACL*
  o Hubert intends to disclose in a research paper / presentation.
* ICMC 2023
  o Talk proposals deadline is today
  o https://icmconference.org/

[1] https://searchfox.org/mozilla-central/source/security/manager/ssl/builtins
[2] https://github.com/mozilla/nss-gk-api