summaryrefslogtreecommitdiff
path: root/system/mozilla-nss/faq.html
diff options
context:
space:
mode:
Diffstat (limited to 'system/mozilla-nss/faq.html')
-rw-r--r--system/mozilla-nss/faq.html364
1 files changed, 364 insertions, 0 deletions
diff --git a/system/mozilla-nss/faq.html b/system/mozilla-nss/faq.html
new file mode 100644
index 0000000000..176fe8f883
--- /dev/null
+++ b/system/mozilla-nss/faq.html
@@ -0,0 +1,364 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<link rel="top" title="Home" href="http://www.mozilla.org/">
+<link rel="stylesheet" type="text/css" href="../../../../css/print.css" media="print">
+<link rel="stylesheet" type="text/css" href="../../../../css/base/content.css" media="all">
+<link rel="stylesheet" type="text/css" href="../../../../css/cavendish/content.css" title="Cavendish" media="screen">
+<link rel="stylesheet" type="text/css" href="../../../../css/base/template.css" media="screen">
+<link rel="stylesheet" type="text/css" href="../../../../css/cavendish/template.css" title="Cavendish" media="screen">
+<link rel="icon" href="../../../../images/mozilla-16.png" type="image/png">
+
+<TITLE>NSS FAQ</TITLE>
+<script src="../../../../__utm.js" type="text/javascript"></script>
+</head>
+<body id="www-mozilla-org" class="secondLevel sectionDevelopers">
+<div id="container">
+<p class="skipLink"><a href="#mainContent" accesskey="2">Skip to main content</a></p>
+<div id="header">
+<h1><a href="/" title="Return to home page" accesskey="1">Mozilla</a></h1>
+<ul>
+<li id="menu_aboutus"><a href="../../../../about/" title="Learn more about Mozilla">About</a></li>
+<li id="menu_foundation"><a href="../../../../foundation/" title="Information about the non-profit Mozilla Foundation">Foundation</a></li>
+<li id="menu_contribute"><a href="../../../../contribute/" title="Find out how to get involved with Mozilla">Contribute</a></li>
+<li id="menu_community"><a href="../../../../community/" title="List of community sites and other resources">Community</a></li>
+<li id="menu_developers"><a href="../../../../developer/" title="Resources and links for developers">Developers</a></li>
+<li id="menu_projects"><a href="../../../../projects/" title="Projects being created by the Mozilla community">Projects</a></li>
+</ul>
+<form id="searchbox_002443141534113389537:ysdmevkkknw" action="http://www.google.com/cse" title="mozilla.org Search">
+<div>
+<label for="q" title="Search mozilla.org's sites">search mozilla:</label>
+<input type="hidden" name="cx" value="002443141534113389537:ysdmevkkknw">
+<input type="hidden" name="cof" value="FORID:0">
+<input type="text" id="q" name="q" accesskey="s" size="30">
+<input type="submit" id="submit" value="Go">
+</div>
+</form>
+</div>
+<hr class="hide">
+<div id="mBody">
+<div id="side">
+
+<ul id="nav">
+<li><a title="Roadmap" href="../../../../roadmap.html"><strong> Roadmap</strong></a></li>
+<li><a title="Projects" href="../../../../projects/"><strong> Projects</strong></a></li>
+<li><a title="For developers" href="../../../../developer/"><strong> Coding</strong></a>
+<ul>
+<li><a title="Module Owners" href="../../../../owners.html"> Module Owners</a></li>
+<li><a title="Hacking" href="../../../../hacking/"> Hacking</a></li>
+<li><a title="Get the Source" href="http://developer.mozilla.org/en/docs/Download_Mozilla_Source_Code"> Get the Source</a></li>
+<li><a title="Building Mozilla" href="http://developer.mozilla.org/en/docs/Build_Documentation"> Build It</a></li>
+</ul>
+</li>
+<li><a title="Testing" href="http://quality.mozilla.org/"><strong> Testing</strong></a>
+<ul>
+<li><a title="Downloads of mozilla.org software releases" href="../../../../download.html"> Releases</a></li>
+<li><a title="Latest mozilla builds for testers" href="../../../../developer/#builds"> Nightly Builds</a></li>
+<li><a title="For testers to report bugs" href="https://bugzilla.mozilla.org/"> Report A Problem</a></li>
+</ul>
+</li>
+<li><a title="Tools for mozilla developers" href="../../../../tools.html"><strong> Tools</strong></a>
+<ul>
+<li><a title="Bug tracking system for mozilla testers." href="https://bugzilla.mozilla.org/"> Bugzilla</a></li>
+<li><a title="Latest status of mozilla builds" href="http://tinderbox.mozilla.org/showbuilds.cgi?tree=Firefox"> Tinderbox</a></li>
+<li><a title="Latest checkins" href="http://bonsai.mozilla.org/cvsqueryform.cgi"> Bonsai</a></li>
+<li><a title="Source cross reference" href="http://mxr.mozilla.org/"> MXR</a></li>
+</ul>
+</li>
+<li><a title="Frequently Asked Questions." href="../../../../faq.html"><strong> FAQs</strong></a></li>
+</ul>
+
+</div>
+<hr class="hide">
+<div id="mainContent">
+
+
+
+
+<center>
+<h2>NSS FAQ</h2>
+<i><FONT SIZE="-1">
+
+Newsgroup:
+<A HREF="news://news.mozilla.org/mozilla.dev.tech.crypto">mozilla.dev.tech.crypto</A>
+
+</FONT></i>
+</center>
+
+<p>
+<hr>
+<p>
+
+<a href="#Q1">General Questions</a>
+
+<ul>
+<li>
+<a href="#Q1.1">What is Network Security Services (NSS)?</a></li>
+<li>
+<a href="#Q1.2">What can I do with NSS? Is NSS appropriate for my application?</a></li>
+<li>
+<a href="#q1.2a">How does NSS compare to OpenSSL?</a></li>
+<li>
+<a href="#q1.3">How does NSS compare to SSLRef?</a></li>
+<li>
+<a href="#q1.4">What platforms and development environments are supported?</a></li>
+<li>
+<a href="#q1.5">What cryptography standards are supported?</a></li>
+<li>
+<a href="#q1.7">What is the relationship between NSS and PSM?</a></li>
+<li>
+<a href="#q1.7">Where can I get the source?</a></li>
+<li>
+<a href="#q1.8">How much does it cost?</a></li>
+</ul>
+
+<a href="#Q2">Developer Questions</a>
+<ul>
+<li>
+<a href="#q2.1">What hardware accelerators are supported?</a></li>
+<li>
+<a href="#q2.2">How do I integrate smart cards into my application using
+NSS?</a></li>
+<li>
+<a href="#q2.3">How is NSS compatible with other Netscape products?</a></li>
+<li>
+<a href="#q2.4">Does NSS require Netscape Portable Runtime (NSPR)?</a></li>
+<li>
+<a href="#q2.5">Can I use NSS even if my application protocol isn't HTTP?</a></li>
+<li>
+<a href="#q2.6">How long does it take to integrate NSS into my application?</a></li>
+<li>
+<a href="#q2.6">How can I learn more about SSL?</a></li>
+</ul>
+
+<a href="#Q3">Licensing Questions</a>
+<ul>
+<li>
+<a href="#q3.1">How is NSS licensed?</a>
+<li>
+<a href="#q3.2">Is NSS available outside the United States?</a></li>
+</ul>
+<h2>
+ <a NAME="Q1"><hr WIDTH="100%"></a>General Questions</h2>
+<a NAME="Q1.1"></a><H4>What is Network Security Services (NSS)?</h4>
+<P>NSS is set of libraries, APIs, utilities, and documentation designed
+to support cross-platform development of security-enabled client and
+server applications. It provides a complete open-source implementation
+of the crypto libraries used by Netscape and other companies in the
+Netscape 6 browser, server products from iPlanet E-Commerce Solutions, the
+Gateway Connected Touch Pad with Instant AOL, and other products.
+
+<p>For an
+overview of NSS, see <a href="overview.html">Overview of NSS</a>. For detailed information
+on the open-source NSS project, see <a href="index.html">NSS Project Page</a>.
+
+<br>
+<a NAME="Q1.2"></a><H4>What can I do with NSS? Is NSS appropriate for
+my application?</h4>
+<P>If you want add support for SSL, S/MIME, or other Internet security standards
+to your application, you can use Network Security Services (NSS) to do so. Because
+NSS provides complete support for all versions of SSL and TLS, it is particularly well-suited
+for applications that need to communicate with the many clients and servers
+that already support the SSL protocol.
+<p>The PKCS #11 interface included in NSS means that your application can
+use <a href="#q2.1">hardware accelerators</a> on the server and <a href="#q2.2">smart
+cards</a> for two-factor authentication.
+<br>
+
+ <a NAME="q1.2a"></a><H4>How does NSS compare to OpenSSL?</h4>
+
+<a href="http://www.openssl.org/">OpenSSL</a> is an open source project that implements server-side SSL,
+TLS, and a general-purpose cryptography library. It does not support PKCS #11. It is based on
+the SSLeay library developed by Eric A. Young and Tim J. Hudson. OpenSSL is widely used in
+Apache servers and is licensed under an Apache-style licence.
+
+<p>NSS supports both server and client applications as well as PKCS #11 and S/MIME. To permit its use
+in as many contexts as possible,
+NSS is triple-licensed under the <a href="../../../../MPL/">Mozilla Public License</a>, the
+<a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License</a>,
+and the <a href="http://www.gnu.org/copyleft/lesser.html">GNU Lesser General Public License</a>.
+You may choose to use the code either under the terms of the MPL or the GPL or the LGPL.
+
+<a NAME="q1.3"></a><H4>How does NSS compare to SSLRef?</h4>
+SSLRef was an early reference implementation of the SSL protocol. It contains
+bugs that were never fixed, doesn't support TLS or or the
+new 56-bit export cipher suites, and does not contain the fix to the
+Bleichenbacher attack on PKCS#1.
+
+<p>Netscape no longer maintains SSLRef or makes it available. It was built as
+an example of an SSL implementation, not for creating production applications.
+
+<p>NSS was designed from the ground up for use by commercial developers.
+It provides a complete software development kit
+that uses the same architecture used to support security features in many client
+and server products from Netscape and other companies.
+
+<a NAME="q1.4"></a><H4>What platforms and development environments are supported?</h4>
+<P>iPlanet E-Commerce Solutions has certified NSS 3.1 on 18 platforms, including AIX 4.3, HP-UX 11.0,
+Red Hat Linux 6.0, Solaris (2.6 or later), Windows NT (4.0 or later), and
+Windows 2000. Other contributors are in the process of certifying additional platforms.
+The NSS 3.1 API requires C or C++ development environments.
+
+<p>For the latest NSS release notes and detailed platform information, see
+<a href="release_notes_31.html">NSS 3.1 Release Notes</a>.
+
+<a NAME="q1.5"></a><H4>What cryptography standards does NSS support?</h4>
+<P>NSS supports <a HREF="../../../docs/jargon.html#SSL">SSL v2 and v3</a>,
+ <a HREF="../../../../docs/jargon.html#TLS">TLS</a>,
+ <a HREF="../../../../docs/jargon.html#PKCS5">PKCS #5</a>,
+ <a HREF="../../../../docs/jargon.html#PKCS7">PKCS #7</a>,
+ <a HREF="../../../../docs/jargon.html#PKCS11">PKCS #11</a>,
+ <a HREF="../../../../docs/jargon.html#PKCS12">PKCS #12</a>,
+ <a HREF="../../../../docs/jargon.html#SMIME">S/MIME</a>, and
+ <a HREF="../../../../docs/jargon.html#X.509">X.509 v3</a> certificates.
+For complete details,
+see <a href="nss-3.11/nss-3.11-algorithms.html">
+Encryption Technologies</a>.
+
+<a NAME="q1.6"></a><H4>What is the relationship between NSS and PSM?</H4>
+
+Personal Security Manager (PSM) is built on top of NSS. It consists of libraries
+and a daemon designed to support cross-platform development of security-enabled
+client applications. The PSM binary provides a client module
+that performs cryptographic operations on behalf of applications.
+Netscape Personal Security Manager ships with Netscape 6 and the Gateway Connected Touch Pad with Instant AOL,
+and is also available for use with Communicagotr 4.7x.
+
+<p>For more information about the PSM open-source project, see <a href="../psm">Personal Security Manager</a>.
+
+<a NAME="q1.7"></a><H4>Where can I get the source code?</H4>
+
+For instructions on how to check out and build the NSS 3.1 source code, see
+<a href="buildnss_31.html">Build Instructions for NSS 3.1.</a> The source code may also
+be downloaded as a tar file from
+<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/">ftp://ftp.mozilla.org/pub/mozilla.org/security/</a>.
+
+<a NAME="q1.8"></a><H4>How much does it cost?</H4>
+
+NSS source code and binaries (when they become available) are completely free. No license fees,
+no royalty fees, no subscription fees.
+
+
+<a NAME="Q2"><h2>
+<hr WIDTH="100%"></a>Developer Questions</h2>
+
+<a NAME="q2.1"></a><H4>What hardware accelerators are supported?</h4>
+<P>NSS supports the PKCS #11 interface for hardware acceleration. Since leading accelerator vendors such as
+Chrysalis-IT, nCipher, and Rainbow Technologies also support this interface, NSS-enabled applications
+can support a wide variety of hardware accelerators.
+<a NAME="q2.2"></a><H4>How do I integrate smart cards into my application using
+NSS?</h4>
+<P>NSS supports the PKCS #11 interface for smart card integration. Applications that use the PKCS #11
+interface provided by NSS will therefore support smart cards from leading vendors such as
+ActiveCard, Litronic, and SecureID Technologies that also support the PKCS #11 interface.
+
+<a NAME="q2.3"></a><H4>How is NSS compatible with other Netscape products?</h4>
+<P>NSS provides tight integration with other Netscape products in two ways.
+First, by using NSS to implement SSL and TLS, you can support SSL communications
+with all products from Netscape and all other vendors
+that support SSL<FONT color="#CC0000"> and TLS.</FONT> Second, NSS makes it easy
+to share certificates between Netscape client and server products
+and your application.
+
+<a NAME="q2.4"></a><H4>Does NSS require Netscape Portable Runtime (NSPR)?</h4>
+<P>To provide cross-platform support, NSS utilizes Netscape Portable Runtime
+(NSPR) libraries as a portability interface and implementation that
+provides consistent cross-platform semantics for network I/O and threading
+models. You can use NSPR throughout your application or
+only in the portion that calls into NSS. Netscape strongly recommends that
+multithreaded applications use the NSPR or native OS threading model. (In
+recent NSPR releases, the NSPR threading model is compatible with the native
+threading model if the OS has native threads.) Alternatively, you can adapt
+the open-source NSPR implementation to be compatible with your existing
+application's threading models. More information about NSPR may be found at
+<a href="http://www.mozilla.org/projects/nspr/">Netscape Portable Runtime</a>.
+<br>
+
+<a NAME="q2.5"></a><H4>Can I use NSS even if my application protocol isn't
+HTTP?</h4>
+<P>Yes, SSL independent of application protocols. It works with common
+Internet standard application protocols (HTTP, POP3, FTP, SMTP, etc.) as
+well as custom application protocols using TCP/IP.
+
+<br>
+<a NAME="q2.6"></a><H4>How long does it take to integrate NSS into my application?</h4>
+<P>The integration effort depends on an number of factors, such as developer
+skill set, application complexity, and the level of security required for
+your application. NSS includes detailed documentation of the SSL API and
+sample code that demonstrates basic SSL functionality (setting up an encrypted
+session, server authentication, and client authentication) to help jump start the
+integration process. However, there is little or no documentation currently
+available for the rest of the NSS API. If your application requires sophisticated
+certificate management, smart card support, or hardware acceleration, your
+integration effort will be more extensive.
+
+<a NAME="q2.7"></a><H4> Where can I download the NSS tools?</h4>
+
+Currently, you must download the NSS source and build it to create binary files for the NSS tools.
+For more information, see <A HREF="tools/">NSS Tools</A>.
+
+
+<a NAME="q2.8"></a><H4>How can I learn more about SSL?</h4>
+
+NSS provides extensive documentation related to SSL, including high-level introductions,
+detailed API documentation, sample code for simple client and server
+applications, the original SSL 3.0 specification, and
+information on debugging SSL applications. For details, see the
+<a href="ssl/">SSL/TLS Project Page</a>. For information about the NSS tools, including those used
+for debugging SSL applications, see <a href="http://www.mozilla.org/projects/security/pki/nss/tools/">
+NSS Security Tools</a>.
+
+<a NAME="Q3"><h2>
+<hr WIDTH="100%"></a>Licensing Questions</h2>
+<H4><a NAME="q3.1"></a>How is NSS licensed?</h4>
+<P>NSS is triple-licensed under the <a href="../../../../MPL/">Mozilla Public License</a>, the
+<a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License</a>,
+and the <a href="http://www.gnu.org/copyleft/lesser.html">GNU Lesser General Public License</a>.
+For more details, see the <a href="http://www.mozilla.org/crypto-faq.html#1-3">Mozilla Crypto FAQ</a>.
+
+<a NAME="q3.2"></a><H4>Is NSS available outside the United States?</h4>
+<P>Yes; see
+<a href="buildnss_31.html">Build Instructions for NSS 3.1.</a> and
+<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/">ftp://ftp.mozilla.org/pub/mozilla.org/security/</a>.
+However, NSS source code is subject to the U.S. Export
+Administration Regulations and other U.S. law, and may not be exported or
+re-exported to certain
+countries (currently Cuba, Iran, Libya, North Korea, Sudan and Syria) or
+to persons or entities prohibited from receiving U.S. exports (including
+those (a) on the Bureau of Industry and Security Denied Parties List or
+Entity List, (b) on the Office of Foreign Assets Control list of Specially
+Designated Nationals and Blocked Persons, and (c) involved with missile
+technology or nuclear, chemical or biological weapons).
+
+<p>For more information about U.S. export controls on encryption software,
+see the <a href="http://www.mozilla.org/crypto-faq.html">Mozilla Crypto FAQ</a>.
+
+
+
+
+
+<hr class="hide">
+</div>
+</div>
+<div id="footer">
+<ul>
+<li><a href="../../../../support/">Support Options</a></li>
+<li><a href="../../../../security/">Security Center</a></li>
+<li><a href="../../../../privacy-policy.html">Privacy Policy</a></li>
+<li><a href="../../../../contact/">Contact Us</a></li>
+</ul>
+<p class="affiliates">International Affiliates: <a href="http://www.mozilla-europe.org/">Mozilla Europe</a> - <a
+href="http://mozilla.jp/">Mozilla Japan</a> - <a href="http://www.mozillaonline.com/">Mozilla China</a></p>
+<p class="copyright">
+Portions of this content are &copy; 1998&#8211;2009 by individual mozilla.org contributors<br>
+Content available under a Creative Commons <a href="http://www.mozilla.org/foundation/licensing/website-content.html">license</a></p>
+<p>
+<span>Last modified July 12, 2007</span>
+<span><a href="http://bonsai-www.mozilla.org/cvslog.cgi?file=mozilla-org/html/projects/security/pki/nss/faq.html&amp;rev=&amp;root=/www/">Document History</a></span>
+<span><a href="https://doctor.mozilla.org/?action=edit&amp;file=mozilla-org/html/projects/security/pki/nss/faq.html">Edit this Page</a></span> <span>(or <a href="/contribute/writing/cvs">via CVS</a>)</span>
+</p>
+</div>
+</div>
+</body>
+</html>