A Brief History of Personal Security Manager

Newsgroup: mozilla.dev.tech.crypto
Technical contact: Javier Delgadillo

Manager: Bob Lord

Netscape Personal Security Manager was originally conceived as a set of libraries plus a daemon that would perform cryptographic operations on behalf of Communicator and other desktop applications. Factors driving this approach included the following:

  • In the past, crypto-savvy customers often asked Netscape to fix bugs or add security features outside the normal Commnicator release sechdule. The PSM model gave the development team more freedom to act quickly without waiting for the next Communicator release.
  • Communicator 4.x uses an older version of NSPR than Personal Security Manager does. Different versions of NSPR cannot be mixed in the same process, because each would be trying to control the same resources and the data structures would differ. Putting Personal Security Manager into its own process made it possible to take advantage of the latest NSPR code without requiring the rest of the client to do so.
  • Communicator 4.x uses an older version of NSS. Putting Personal Security Manager into its own process made it possible to take advantage of the latest NSS code, which supports new crypto features as well as improved SSL performance.
  • Networking code for Mozilla was not available until the end of 1999. If we hadn't started work on Personal Security Manager until then, it would not have been finished in time to ship with Netscape 6.
  • Isolating the crypto code made it more difficult to subvert the mechanisms used to enforce U.S. export regulations in international versions of Communicator.

Personal Security Manager was originally designed (around 1998) to use special lightweight plug-ins with Communicator and other client applications, plus a common protocol that all such plug-ins would use to communicate with the Personal Security Manager daemon. This solution addressed the above concerns and is reflected in the design of PSM 1.x. In effect, Personal Security Manager adopted a modular model long before Mozilla did, thus getting a head start on development work that otherwise would have had to wait until the end of 1999.

The U.S. export regulations changed dramatically at the beginning of 2000, making it much easier to export strong crypto to most countries and to publish unencumbered crypto source code to Mozilla as open source (see Netscape Security Services for details). As a result, future PSM development can focus on taking better advantage of Mozilla features and modularity. With this in mind, we have decided to retool Personal Security Manager as described in the PSM 2.0 Roadmap.

Personal Security Manager 1.x binaries were originally released in two forms:

  • Netscape Personal Security Manager for Communicator 4.x. This version of PSM supports all the security features of Communicator 4.x, plus advanced certificate management features such as separate signing and encryption certificates (sometimes called "dual-key certificates"), automatic storage of encryption keys, automatic revocation checking via OCSP, and automatic renewal. It also takes advantage of U.S. export regulations that came into force in early 2000. We intend to maintain and support this version for Communicator 4.x products. For download information, see Netscape Personal Security Manager Documentation.
  • Netscape Personal Security Manager for Mozilla. This version of PSM was identical to the version for Communicator 4.x, except that the glue code within Mozilla differed from the glue code within Communicator. It could not be released as part of Mozilla because it relied on crypto code licensed from RSA. In addition to being available for installation via the XPI interface with Mozilla builds, it was included with Netscape 6 builds.
PSM is now fully open-source and builds with Mozilla on a daily basis, so a separate version of PSM for Mozilla is no longer necessary.

PSM 2.0 will not work with Communicator 4.7x browsers as PSM 1.x did, but will be strictly a M