Re: [b2g] The SIM-card is about to die
On Monday, October 20, 2014 7:47:57 AM UTC+2, Fabrice Desré wrote: Hi Anders, On 10/19/2014 09:53 PM, Anders Rundgren wrote: http://www.theverge.com/2014/10/16/6990525/the-sim-card-is-about-to-die That banks, governments and enterprises cannot use the SIM for storing authentication keys made Apple and Google bypass the SIM. I.e. building payment solutions around the SIM which Mozilla is currently doing is not mainstream although it has been talked about since the late 90'ties. The mozPay api is not tied to SIM card at all (see https://developer.mozilla.org/en-US/docs/Web/API/Navigator.mozPay) so I'm not sure how you came to this conclusion. Care to elaborate? I was rather thinking about the SE API. mozPay is another thing which unfortunately is hampered by the limitations of NSS. Anders Fabrice -- Fabrice Desré b2g team Mozilla Corporation ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
Re: [b2g] The SIM-card is about to die
On 10/21/2014 08:53 AM, Anders Rundgren wrote: I was rather thinking about the SE API. mozPay is another thing which unfortunately is hampered by the limitations of NSS. Why is NSS limiting for mozPay? Fabrice -- Fabrice Desré b2g team Mozilla Corporation ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
Re: [b2g] The SIM-card is about to die
On Tuesday, October 21, 2014 6:41:16 PM UTC+2, Fabrice Desré wrote: On 10/21/2014 08:53 AM, Anders Rundgren wrote: I was rather thinking about the SE API. mozPay is another thing which unfortunately is hampered by the limitations of NSS. Why is NSS limiting for mozPay? NSS is limiting for all kinds of services that could use client-based keys since it doesn't support secure provisioning of keys in TEEs, SEs and similar. However *using* keys with NSS is still a viable solution. See posting Time to dump NSS for more references. Anders Fabrice -- Fabrice Desr� b2g team Mozilla Corporation ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
Re: [b2g] The SIM-card is about to die
On Sun, Oct 19, 2014 at 9:53 PM, Anders Rundgren anders.rundgren@gmail.com wrote: So this is yet another strong argument for dumping NSS as the core... This is not the right place for this discussion. You should take this to mozilla.dev.security. - Kyle ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
Re: [b2g] The SIM-card is about to die
On Monday, October 20, 2014 6:59:17 AM UTC+2, Kyle Huey wrote: On Sun, Oct 19, 2014 at 9:53 PM, Anders Rundgren anders.rundgren@gmail.com wrote: So this is yet another strong argument for dumping NSS as the core... This is not the right place for this discussion. You should take this to mozilla.dev.security. - Kyle Although it appears to be a security issue, it is really an architectural and strategy thing which affects a huge number of OS sub-systems as well as several on-going projects. Security forums are usually entirely uninterested in architecture and Mozilla's is not an exception. I hope that some of the people who represent strategy and architecture saw my two messages and took it the right (intended) way: as a friendly advice. I will refrain from further postings on this subject. Feel free exchanging ideas with me privately on anders.rundgren@gmail.com - Anders ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
[b2g] The SIM-card is about to die
http://www.theverge.com/2014/10/16/6990525/the-sim-card-is-about-to-die That banks, governments and enterprises cannot use the SIM for storing authentication keys made Apple and Google bypass the SIM. I.e. building payment solutions around the SIM which Mozilla is currently doing is not mainstream although it has been talked about since the late 90'ties. So this is yet another strong argument for dumping NSS as the core... Anders ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
Re: [b2g] The SIM-card is about to die
What I think Kyle intended to say was: Hello thanks for sharing but mozilla.dev.security is the more appropriate place to discuss architectural and strategy discussions around replacing NSS On Sun, Oct 19, 2014 at 10:10 PM, Anders Rundgren anders.rundgren@gmail.com wrote: On Monday, October 20, 2014 6:59:17 AM UTC+2, Kyle Huey wrote: On Sun, Oct 19, 2014 at 9:53 PM, Anders Rundgren anders.rundgren@gmail.com wrote: So this is yet another strong argument for dumping NSS as the core... This is not the right place for this discussion. You should take this to mozilla.dev.security. - Kyle Although it appears to be a security issue, it is really an architectural and strategy thing which affects a huge number of OS sub-systems as well as several on-going projects. Security forums are usually entirely uninterested in architecture and Mozilla's is not an exception. I hope that some of the people who represent strategy and architecture saw my two messages and took it the right (intended) way: as a friendly advice. I will refrain from further postings on this subject. Feel free exchanging ideas with me privately on anders.rundgren@gmail.com - Anders ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
Re: [b2g] The SIM-card is about to die
Hi Anders, On 10/19/2014 09:53 PM, Anders Rundgren wrote: http://www.theverge.com/2014/10/16/6990525/the-sim-card-is-about-to-die That banks, governments and enterprises cannot use the SIM for storing authentication keys made Apple and Google bypass the SIM. I.e. building payment solutions around the SIM which Mozilla is currently doing is not mainstream although it has been talked about since the late 90'ties. The mozPay api is not tied to SIM card at all (see https://developer.mozilla.org/en-US/docs/Web/API/Navigator.mozPay) so I'm not sure how you came to this conclusion. Care to elaborate? Fabrice -- Fabrice Desré b2g team Mozilla Corporation ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g