Re: Root Certificates in Firefox OS (was Re: NSS in Firefox OS)
Rob Stradling wrote: I presume that Firefox OS trusts NSS's Built-in Root Certificates [1], but what (if anything) does Firefox OS do for EV SSL? As you found, Firefox OS doesn't have an EV UI, and in fact I just disabled the EV validation logic in B2G for performance reasons, given that it was wasted effort without a UI. Does Firefox OS import PSM's list of EV-enabled Root Certificates? [2] It did, but I just disabled that since it wasn't being used for anything. Note that this wasn't a policy decision. It could be that we will have an EV indicator in the future on B2G. I expect we will eventually try to make all our products consistent, one way or another. Cheers, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Root Certificates in Firefox OS (was Re: NSS in Firefox OS)
On 20/10/12 18:33, Brian Smith wrote: snip B2G (Firefox OS) does use NSS. Brian, I presume that Firefox OS trusts NSS's Built-in Root Certificates [1], but what (if anything) does Firefox OS do for EV SSL? Does Firefox OS import PSM's list of EV-enabled Root Certificates? [2] Thanks. [1] https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt [2] https://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsIdentityChecking.cpp snip -- Rob Stradling Senior Research Development Scientist COMODO - Creating Trust Online -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: NSS in Firefox OS
On Saturday, October 20, 2012 10:33:58 PM UTC+5, Brian Smith wrote: Anders Rundgren wrote: Anyway, I guess that Firefox OS uses NSS? Is it still is based on the idea that key access is done in the application context rather than through a service? B2G (Firefox OS) does use NSS. Nothing has changed regarding the process separation between Gecko and the private key material. However, B2G uses a process separation model where the Gecko parent (chrome) process is separated from the web content. Cheers, Brian Can someone give a detailed view if how smime works in nss ? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
How does SMIME work in NSS (was Re: NSS in Firefox OS)
Vishal wrote: On Saturday, October 20, 2012 10:33:58 PM UTC+5, Brian Smith wrote: Anders Rundgren wrote: Anyway, I guess that Firefox OS uses NSS? Is it still is based on the idea that key access is done in the application context rather than through a service? B2G (Firefox OS) does use NSS. Nothing has changed regarding the process separation between Gecko and the private key material. However, B2G uses a process separation model where the Gecko parent (chrome) process is separated from the web content. Cheers, Brian Can someone give a detailed view if how smime works in nss ? I don't work on S/MIME stuff. If I had to learn it, I would start by reading the source code to cmsutils, and the header files for lib/smime. http://mxr.mozilla.org/security/source/security/nss/cmd/smimetools/cmsutil.c http://mxr.mozilla.org/security/source/security/nss/lib/smime/cmst.h http://mxr.mozilla.org/security/source/security/nss/lib/smime/cms.h http://mxr.mozilla.org/security/source/security/nss/lib/smime/smime.h Then, I would search for SMIME in the Thunderbird source code: https://mxr.mozilla.org/comm-central/search?string=SMIMEcase=1find=findi=filter=^[^\0]*%24hitlimit=tree=comm-central Cheers, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
NSS in Firefox OS
I've heard about the Firefox OS but haven't been able to find much information about the internals, at least not the crypto-part. Anyway, I guess that Firefox OS uses NSS? Is it still is based on the idea that key access is done in the application context rather than through a service? Anders -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: NSS in Firefox OS
Anders Rundgren wrote: Anyway, I guess that Firefox OS uses NSS? Is it still is based on the idea that key access is done in the application context rather than through a service? B2G (Firefox OS) does use NSS. Nothing has changed regarding the process separation between Gecko and the private key material. However, B2G uses a process separation model where the Gecko parent (chrome) process is separated from the web content. Cheers, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
