I've started a project to produce an experimental browser (Flowerbeetle) and an experimental e-mail client (Flowerduck).
The purpose is to enable early testing of security and PKI related changes, which are proposed for the Mozilla platform (including Firefox and Thunderbird), but which haven't yet been fully reviewed and accepted for inclusion. Just to make it clear, this isn't an official Mozilla.org project, it's (currently) my own initiative. If you're interested in testing and giving feedback, please visit https://kuix.de/flowerbeetle and https://kuix.de/flowerduck for more information. For the full list of experimental changes included, please visit the download pages. Notable changes are: - support for OCSP stapling and the OCSP HTTP GET mechanism - disable acceptance of MD5 in signatures - use of the smarter libPKIX certificate verification engine (which unfortunately still has some stability bugs and would benefit from contributions to improve it) - libPKIX allows for automatic download of CRLs and missing certificates during verification - strictly require fresh revocation information when verifying certificates (if the availability of such information is declared inside certificates) - the most recent, unreleased, experimental development snapshot of the NSS security library - no longer show security indicators if a site fails to implement RFC 5746 - experimental changes to certificate manger to deal better with the blacklisted certificates that we have started to since last year after the various CA compromises - extended error reporting for failures on SSL/TLS connections (don't be silent by default) If you have feedback related to this project, especially if you have comments related to the correctness or failures of the included functionality, I'd welcome your reports. It would be preferable to use the project specific mailing list(s) which can be found at above links. Please also subscribe to the list(s) if you're interested in announcements of future test releases. Thanks and Regards Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto