Hi I believe we now have enough evidence that a serious issue, #125431, where AOO lies that the password for encrypted files is wrong when it isn't, is caused by a failure in NSS: * deliberately corrupting the Mozilla profile reproduces the issue on all operating systems * a patch I've written that reimplements xmlsecurity digest functions using OpenSSL instead of NSS, allows encrypted documents to open despite a corrupted Mozilla profile * someone with the issue on FreeBSD reported my patch fixes it
Always having been category B and now also commonly breaking in the field, it's past time for NSS to go. But this brings me to my question: what do we replace it with? We already use OpenSSL for some things, and my patch which uses it is enough to fix the problem with opening encrypted files. Its license suits us better. Our libxmlsec library can use it in place of NSS. Java has a rich cryptographic API and is widely used for cryptography. It is however an optional dependency to AOO. It also needs the unlimited strength JCE policy files to use AES-256, but there are workarounds. Are there more? The important differences are: * NSS has passed FIPS-140 validation ( https://wiki.mozilla.org/FIPS_Validation). OpenSSL hasn't really ( https://www.openssl.org/docs/fipsnotes.html) while Java supposedly has ( http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/FIPS.html). Do we care? * We use certificate verification (for what, digitally signed documents?). This means we need access to the root certificates of all the CAs. Securely updating, expiring and revoking CA certificates across 40 million users is a problem we should rather delegate to someone else. Currently, we are using MSCrypto on Windows, and Thunderbird's/Firefox's certificates (via NSS) on other platforms. OpenSSL doesn't come with a list of CA certificates. Java does, but I don't know whether "This file is encrypted, please install Java to open it" will fly. Maybe we could combine them. Use OpenSSL for most of xmlsecurity, and fall back to Java when available for its certificates? Or keep NSS but scale it down to only dealing with certificates, and use something else for implementing other xmlsecurity features? Thank you Damjan
