PSM 2.0 Plan
(Codename: PIP)

Newsgroup: mozilla.dev.tech.crypto
Technical contacts: Javier Delgadillo and Terry Hayes
Engineering manager: Bob Lord


Contents

Introduction
Goals
PSM 2.0 Prioritized Feature List
New User Interface
Platforms and Dependencies
Documentation Plan
Schedule


Introduction

Early last year, we contributed PSM to the open source community along with Network Security Services (NSS). All the code that we could publish was released on mozilla.org. Initially, builds of PSM intended for use with Mozilla, Netscape 6, and Communicator still relied on proprietary code licensed from RSA Security, Inc., by Netscape. Soon after the RSA patent expired last fall, we reimplemented the RSA algorithm from scratch. We were then able to build NSS, and therefore PSM, completely from open source code.

PSM 1.4 ships with Netscape 6 and is also available for use with Communicator 4.7 and later versions. It runs as a separate process, displaying its UI in HTML windows when necessary. (For background information on the origins of this architecture, see A Brief History of Personal Security Manager.)

The main goal of PSM 2.0 (Codename: PSM in Process, or PIP) is to run in-process as a fully integrated Mozilla component. Other goals are listed below. Although S/MIME is not a feature of PSM 2.0, we will be laying the groundwork for S/MIME features in later releases.

For a technical view of where we're going with different flavors of PSM and how the the PSM 2.0 XPCOM shared libraries will be organized, see PSM 2.0 Roadmap: A Technical View.

For a detailed breakdown of tasks and dependencies related to PSM 2.0, see PSM 2.0 Task List.


Goals

PSM 2.0 has the following goals:

  1. Complete integration with Mozilla. PSM 1.x has provided a number of important benefits over the past two years as Communicator has matured and Netscape 6.0 was developed and released. However, we now want to integrate PSM with Mozilla, so that PSM 2.0 will look just like other Mozilla components. It will use XPCOM, XUL, and language locales. It will be an in-process component. It will use autoconf, regardless of support for autoconf in NSS. Any other projects that use the Mozilla code base will be able to pick up the new implementation and have SSL work.
  2. Real modularity. Some customers will not want to use PSM for their applications. Version 2.0 will have a clean separation from the rest of the Mozilla code base. In other words, if you don't have PIP, you won't see any PIP preferences, the Certificate Manger, the lock icon, and so on in the Mozilla client. When you install the PIP XPI file, the preferences and the rest of the UI will show up.
  3. Support for embedded systems. Embedding teams can use just the crypto components without relying on our XUL infrastructure. Such customers include set-top box developers. All features must be accessible via APIs, not just our UI.
  4. Think ahead about S/MIME. The work we do for PSM 2.0 will lay the groundwork for S/MIME features to be introduced in later releases. Although we're not doing any S/MIME work for PIP at this time, we want to make sure that the UI and APIs don't have to change when we start to imlement S/MIME features.


PSM 2.0 Prioritized Feature List

  1. Retain all existing PSM 1.4 functionality including (but not limited to) these features:
    • Servers can determine what version of PSM a client is using by using a browser-side JavaScript call (as in PSM 1.x).
    • Single-click/CRMF certificate issuance (with UI)
    • The Registration Authority has the option of suppressing the back-up dialog during certificate issuance
    • Interruption or discontinuation of the certificate issuance process does not corrupt the certificate/key database
    • User-prompted renewal of certificates
    • PSM can be installed by loading and running the appropriate XPI file.
    • OCSP support.
    • Dual key generation support
    • Client-auth logout capability via the crypto.logout call from JavaScript
    • Encryption key escrow
    • Existing SDR functionality (used to support the Password Manager).
    • PKCS#11 support
    • PKCS#12 support
  2. Correct NLS support. When you switch locales, PSM inherits those changes.
  3. The lock icon will work correctly.
  4. PSM will have a new UI written in XUL:
    • Preferences will migrate to Edit/Preferences
    • Status info for S/MIME and SSL goes to View/Page Info
    • Certificate management becomes its own XUL window (see the demo here)
    • We will introduce a new Smart Card Manager window.
  5. Preserve IDL interfaces that necko depends on
  6. Full START_TLS support. PSM will not need to handle unencrypted network traffic. Protocols that support START_TLS will work as expected. When a protocol handler encounters a START_TLS request from the server, it will be able to invoke PSM.
  7. The builds system will use autoconf (even if NSS does not). PSM will be part of the standard Mozilla build process for Mac, Win32, and Linux. It will be possible to build a Mozilla browser without PSM.
  8. PSM 2.0 will perform well enough for the following purposes:
    • SSL performance will be better than C4.7 (without PSM)
    • SSL performance will be better than N6.0.
    • PSM will be able to encrypt/decrypt fast enough to allow someone else to add disk encryption of prefs, history, bookmarks, locally stored mail files. Other possible targets of disk encryption include skins, news cache, and web cache. Goal: encrypt/decrypt 1MB/second.
  9. Full HTTPS proxy support (as in Commnicator 4.7x)
  10. PSM 2.0 will be at least 10% smaller than PSM 1.4 on win32 and Linux.
  11. S/MIME ready.  The UI and APIs (where applicable) will be S/MIME ready. That is, S/MIME functionality should be a super-set of PIP. The S/MIME developers will not need to change PIP when adding their own features.
  12. No nicknames. The user will not be able to name or rename certificates. From the user's point of view, there is no longer any such thing as a "certificate nickname". Instead, the new UI should show enough information about a certificate that nicknames are not necessary.
  13. Display of CA. When you click on the lock icon, Mozilla will open the Page Info window. The CA should be displayed in the chrome during SSL connections.
  14. SSL version 2 is off by default
  15. Auto-cert select is on by default
  16. TLS is on by default
  17. Password quality meter will teach users to select good passwords.
  18. Use NSS 3.2 libraries in their static form (we won't be able to use the shared libraries).
  19. PSM can be linked with or without NSS's S/MIME library.
  20. Basic-auth logins over SSL should show a lock in the Name/Password dialog box to tell the user that his/her password will not be sent over the Internet in the clear.

New User Interface

PSM 2.0 will have an all-new UI written in XUL rather than in HTML:
  • PSM 2.0 UI describes ongoing work on the PSM 2.0 UI, including links to current XUL mockups that you can install and play with.
  • Text for PSM UI Elements lists all PSM 2.0 UI elements, the text they contain, and other details related to context-sensitive help.
  • PSM 2.0 Task List provides a detailed breakdown of tasks and dependencies, including UI elements.

Lock Icon Behavior

[to come]

Page Info Requirements

The Page Info page should display the following information:

SSL

  1. EE CN (e.g. "Amazon, Inc.") and signer's CN (e.g. "VeriSign, Inc.")
  2. Encryption protocol (e.g. SSLv2, SSLv3, TLS 3.1)
  3. SSL cipher and key length (e.g. "RC4, 128-bits", or "3DES, 168-bits")
  4. Size of the public key (e.g. "1024-bits")
  5. Key exchange algorithm (e.g. "RSA key exchange")
  6. A button that opens the Certificate Manager to reveal all the detail you could ever want to know about that server certificate.
  7. Which certificate, if any, the user presented to that server.

S/MIME

  1. EE CN (e.g. "Bob Lord")
  2. Encryption protocol (e.g. S/MIME v3)
  3. SSL cipher and key length (e.g. "RC2, 40-bits", or "3DES, 168-bits")
  4. Size of the public key (e.g. "1024-bits")
  5. Key exchange algorithm (e.g. "RSA key exchange")
  6. A button that opens the Certificate Manager to reveal all the detail you could ever want to know about the sender's certificate.

Platforms and Dependencies

This release requires the use of NSS 3.2 and NSPR 4.1.

PSM 2.0 will be built with the daily Mozilla builds. It will be tested and certified on the following operating systems:

  • Windows NT 4.0 SP6
  • Windows 2000
  • Windows 95
  • Windows 98
  • Windows ME
  • Red Hat Linux 6.1, kernel 2.2, glibc 2.1
  • Macintosh System 8.6
  • Macintosh System 9
  • Macintosh System X

The PSM team does not currently have the resources to test and certify PSM on any other platforms. If you successfully run PSM on other platforms, or if you are interested in taking responsibility for testing and maintaining PSM on a particular platform that's not listed above, post a message to mozilla.dev.tech.crypto.


Documentation Plan

PSM 2.0 help will be available as appropriate content entries accessible from the Help menu in the new Mozilla help viewer. Many entries will also be accessible from help buttons within the PSM 2.0 UI ("context-sensitive help"), which will open up the same help viewer to the appropriate subsection under the top-level heading "Privacy and Security."

For a preliminary outline and other details, see Documentation Plan for PSM 2.0.


Schedule

Milestone Date Features Comments
M1 3/2/2001
  • SSL server-auth.
  • SSL proxy.
  • Cert MIME types.
  • SDR (i.e. wallet).
  • Allow developers to build and run PSM 2.0.
Completed.
M1.5 3/15/2001 Profile switching. To help embedding clients. Completed.
M2 4/6/2001
  • Security preferences and UI (SSL ver, Cipher suites, OCSP etc.).
  • Certificate Manager.
  • SSL client auth.
  • PKCS7 interfaces for signed JS.
  • Lock icon fully functional.
PSM 2.0 should be considered for use with mozilla at this point. Completed.
M3 4/27/2001
  • Fully functional Certificate Manager (mcgreer).
  • KEYGEN (ddrinan).
  • Certificate Viewer (javi).
  • Clicking lock icon opens Page Info + Page Info (thayes).
  • Preliminary help engineering--one or two buttons work.
M4 5/11/2001
  • Move Security prefs into "Privacy and Security" (thayes).
  • cipher suit prefs (ddrinan).
  • OCSP (ddrinan).
  • CRMF/CMMF (javi).
  • Version string in JS (javi).
  • Security Device Manager (mcgreer).
  • Each engineer hooks up help buttons for UI that he's working on.
M5 5/23/2001
  • CRLs: add, delete, view (ddrinan).
  • Reset prefs (javi).