TOFU POP MONK – It’s a good idea
04.02.11 - 11:21am
Glyph Lefkowitz on fixing HTTPS: We (those of us in the open source hipster security noosphere) need to popularize this concept, because it’s not that hard to implement, people keep re-inventing it everywhere, it’s mostly just about getting some browser vendor to think it’s a good idea.
Speaking only for myself, I am convinced this is a good enough idea to try.
I’m glad it’s not that hard to implement, because that makes the next action for the open source hipster security noosphere very obvious. Write the patches for NSS. Then, these new HTTPS capabilities will be available for Firefox and other Mozilla products, as well as Google Chrome and ChromeOS. NSS can be hacked on in any of the following locations, but the patches must eventually be upstreamed to cvs.mozilla.org to be a part of the official distribution. Here’s where you can find it:
- mozilla-central, the tip of the tree for Gecko and Firefox.
- mozilla-central on github
- The Chromium project also has a copy of NSS.
- The canonical copy of NSS is still in Mozilla CVS.
P.S. – No, I have no idea why the NSS developers are still on CVS. 
