On Friday, October 10, 2014 7:41:38 AM UTC+2, Anders Rundgren wrote:
> IMO, you can't build a modern mobile OS using a cryptographic platform which
> is 20 years old.
>
>
>
> NSS was designed when externally provisioned smart cards were [anticipated to
> be] the norm.
>
>
>
> Modern mobile OSes have embedded security hardware which NSS's cousin
> "keygen" doesn't address in a useful (=like Google's U2F) way.
>
>
>
> Unlike Android and iOS, Firefox doesn't offer (AFAIK) a rich OS with access
> to secure keys. That may not be necessary either since W3C's WebCrypto could
> (in an extended version NB...), provide such functionality.
>
>
>
> For an example of what such an architecture could offer, take a peek at:
>
> http://webpki.org/papers/PKI/EMV-Tokenization-SET-3DSecure-WebCryptoPlusPlus-combo.pdf#page=4
>
>
>
>
> Anders
Firefox OS/NSS seems to lack key confinement:
http://webpki.org/papers/key-access.pdf
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g