Hi all,

With the guidance of Trevor Perrin (cc-ed), I have put together the beginnings 
of a patch to allow clients of the NSS library to implement support for 
arbitrary TLS extensions. The motivation is to allow clients of NSS to 
implement new proposals that bolster the CA trust model, such as TACK[1] and 
Certificate Transparency[2]. However, the goal is to make a broadly-useful 
patch allowing for a wide array of TLS extensions.

I have the beginnings of the patch on GitHub[3]. It is not done, but the major 
functionality is more-or-less all there. There are still some needed changes 
that I know aren't implemented, a number of test failures I need to hunt down, 
and a number of style problems. But I'm getting close, and for some of what I 
still need to do (especially defining some parts of the public interface), 
feedback would be very useful.

So I'd love to hear any feedback and guidance, as well as any concerns that 
might prevent this from eventually getting committed.

I'm happy to take feedback anywhere; GitHub may be the best place for 
line-level code comments since it has a nice interface for that, but I'd guess 
the list is better for high-level discussion. I'm also happy to open an issue 
on Bugzilla, but I thought it might be better to wait until the patch is 
functional.

Thank you,
Daniel

[1] http://tack.io/
[2] http://www.certificate-transparency.org/
[3] https://github.com/jackowayed/mozilla-nss/pull/1
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
