|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
May I comment a bit on this? msm Li wrote:
Currently, the smartphone platform is lack of unified software/hardware security module. For example, iPhone stores certificates in the Keychain, BlackBerry stores certificates in BlackBerry device key store, Android has no such secure storage.
This project is intended to provide a unified interface/framework/middleware to access/manage secure elements for storing certificates and private key and making various PKI operations, such as signing and encryption.
The secure applications can be built on top of the framework, for example, Mobile Wallet applications, such as credit card app, debit card app, identity card app(SSN app in US), driver license app, medical card app, even use your phone to vote in election, ...
These applications can transparently make various PKI operations regardless of underlying hardware components, a file system, a SIM card, a NFC chip, a secure µSD card, ...
Here I be to disagree. The industry has worked for ages to abstract PKI interfaces so that they could use any underlaying crypto module. Has it worked out well? No, it has worked incredibly bad making us entirely dependent on third-party drivers. Take a peek in the list: http://www.opensc-project.org/pipermail/opensc-devel and you will find plenty of evidence that you are looking for problems that haven't been properly solved in the PC world and has an even less chance of getting ironed out on mobile phones since there is no easy way upgrading/installing 3rd party drivers, not to mention keeping them in shape for the ever-changing mobile OSes. You should also be aware of the fact that secure provisioning requires communication on the "APDU" level which is entirely at odds with NSS, JCE, PKCS #11, MS-CAPI etc. Due to this I think you should consider dropping NSS and start over with something like described here: http://www.ietf.org/mail-archive/web/keyprov/current/msg00999.html Mozilla's <keygen> is an example of a scheme that was OK 15 years ago but it has little relevance today except for marginal deployments used by trained people. I think that you need to look on the whole ekosystem in order to create something useful. If somebody are interested we could have a skype conference about how we could solve something non of the platform vendors have succeeded with! Regards Anders
The FireFox is the most widely ported application, it runs on Windows, Mac, Linux, Unix, ... Most importantly, people uses it to do online-banking, online-shopping in daily life. The NSS/JSS, one component of FireFox, supports cross-platform development of security-enabled applications. It supports PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 and v3, X.509 v3 certificates, and other security standards. Furthermore, NSS itself is comply with FIPS 140-2, it is crucial cretia to meet requirements of governments and financial institutions. The proven tracking records of NSS/JSS have made it a perfect choice for managing security on smartphone platforms. The popular smartphone platforms are listed as follows : Platform Develop Language Android phone/tablet Java/C iPhone/iPad/iPod C Symbian/Maemo/MeeGo C Blackberry Java Windows Mobile C Palm Pre/webOS C Currently, the targeted plaforms of porting NSS/JSS are Android and iPhone. It is understood that not every platform vendor provides suitable development kit to build NSS/JSS. It is desirable to have platform vender support. Other related open-source projects are listed as follows for reference: 1) Android™ Keystore V2 http://android-keystore-v2.webpki.org/ http://webpki.org/auth-token-4-the-cloud.html 2) Secure Element Evaluation Kit for the Android platform http://code.google.com/p/seek-for-android/ 3) CoolKey http://directory.fedoraproject.org/wiki/CoolKey 4) OpenSC http://www.opensc-project.org/opensc 5) PCSC-Lite http://pcsclite.alioth.debian.org/ 6) MUSCLE http://www.linuxnet.com/info.html On Wed, Aug 25, 2010 at 5:11 PM, Wan-Teh Chang <wtc@xxxxxxxxxx> wrote:On Wed, Aug 25, 2010 at 1:39 PM, msm Li <mlimsm1@xxxxxxxxx> wrote:First thing first, does Mozilla have such plan to port NSS/JSS to smart phone platform ?Mozilla doesn't use JSS, so Mozilla is unlikely to work on porting JSS to new platforms. Mozilla is porting NSS to Android. I have not seen any NSS patches for iPhone, so I don't know if Mozilla is porting NSS to iPhone. I am interested in the project you proposed. Why do you want to port JSS? Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@xxxxxxxxxxxxxxxxx https://lists.mozilla.org/listinfo/dev-tech-crypto
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
[Home] [Fedora Legacy List] [Fedora Maintainers] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools]