Sun-Netscape Alliance Releases Public Key Infrastructure to

Tuesday January 18th, 2000

According to a press release today, The Sun-Netscape Alliance is contributing the source code of the Netscape Security Services (NSS) and Personal Security Manager (PSM) to will provide the structure for disseminating the code and incorporating contributions. The open source release will not only put tested public-key code in the hands of more developers, but it will also provide the oversight necessary to ensure its stability and security in the future.

It is unclear how this will impact Mozilla -- the RSA code is still private. We should have more information for you in a few hours.

You can read the press release here.

UPDATE: New news on the release (thanks to Frank Hecker for the links). This press release goes into further detail. Mitchell Baker of states that "This contribution provides Mozilla with a high-quality open source security component for the browser." The release also states that "the source code contributed by the Sun-Netscape Alliance can be used to provide Secure Sockets Layer (SSL) support in the Mozilla browser".

Next, we have an updated crypto FAQ at According to the FAQ, "the release of source code from the Sun-Netscape Alliance will not include all the code needed to produce a complete SSL- or S/MIME-capable Mozilla product starting with only source code." Because of RSA intellectual property restrictions, they "will not be releasing the source code that actually performs the core encryption and decryption operations." But the news gets better. "The Mozilla binaries combined with the iPlanet Personal Security Manager binaries will implement SSL support; S/MIME support will be available sometime in the future when S/MIME integration with Mozilla is completed." Even though the source for the actual encryption/decryption will not be available, it will make it into Mozilla. There's a lot more to read there, so check it out.

Finally, you can get much more info on the new projects at the security page.


#7 Re: PKI Details

by hecker <>

Sunday January 23rd, 2000 2:56 AM

You are replying to this message

To clarify: Two main things are being open-sourced: Network Security Services (NSS) and Personal Security Manager (PSM). NSS is a base security/PKI library incorporating SSL and S/MIME support, as well as support for various PKI operations. NSS is used as a security library in various of the Sun/Netscape Alliance server products and in Communicator 4.x. NSS is also used as a security/PKI library by PSM. PSM is specifically intended as a client-side PKI product intended to be called from Mozilla and products based on Mozilla code; among other things, it allows those clients to do certificate enrollment with a CA using the CRMF/CMMF protocols. (It also supports what you called "two-cert PKI".)

The Sun/Netscape Alliance sells a commercial CA product, the Netscape Certificate Management System, and a commercial LDAP directory server, the Netscape Directory Server; see <…rastructure/dir_security/>. These products are not open source (although they are based on open standards like LDAP, X.509v3, CRMF/CMMF, etc.). If you wanted to create an open source CA product you would need more than just NSS and PSM.