[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: [seek-for-android] Re: Port Mozilla NSS/JSS to smart phone platform

May I comment a bit on this?

msm Li wrote:

Currently, the smartphone platform is lack of unified
software/hardware security module.
For example, iPhone stores certificates in the Keychain, BlackBerry
stores certificates
in BlackBerry device key store, Android has no such secure storage.


True.



This project is intended to provide a unified
interface/framework/middleware to access/manage
secure elements for storing certificates and private key and making
various PKI operations,
such as signing and encryption.


That's good.



The secure applications can be built on top of the framework, for
example, Mobile Wallet
applications, such as credit card app, debit card app, identity card
app(SSN app in US),
driver license app, medical card app, even use your phone to vote in
election, ...


Absolutely!



These applications can transparently make various PKI operations
regardless of underlying
hardware components, a file system, a SIM card, a NFC chip, a secure
µSD card, ...


Here I be to disagree.  The industry has worked for ages to abstract PKI
interfaces so that they could use any underlaying crypto module.
Has it worked out well?  No, it has worked incredibly bad making
us entirely dependent on third-party drivers.

Take a peek in the list:

http://www.opensc-project.org/pipermail/opensc-devel

and you will find plenty of evidence that you are looking for problems
that haven't been properly solved in the PC world and has an even less
chance of getting ironed out on mobile phones since there is no easy way
upgrading/installing 3rd party drivers, not to mention keeping them in
shape for the ever-changing mobile OSes.

You should also be aware of the fact that secure provisioning requires
communication on the "APDU" level which is entirely at odds with NSS,
JCE, PKCS #11, MS-CAPI etc.

Due to this I think you should consider dropping NSS and start over
with something like described here:

http://www.ietf.org/mail-archive/web/keyprov/current/msg00999.html

Mozilla's <keygen> is an example of a scheme that was OK 15 years ago
but it has little relevance today except for marginal deployments
used by trained people.

I think that you need to look on the whole ekosystem in order to create
something useful.

If somebody are interested we could have a skype conference about
how we could solve something non of the platform vendors have
succeeded with!

Regards
Anders



The FireFox is the most widely ported application, it runs on Windows,
Mac, Linux, Unix, ...
Most importantly, people uses it to do online-banking, online-shopping
in daily life.
The NSS/JSS, one component of FireFox, supports cross-platform
development of security-enabled
applications. It supports PKCS #5, PKCS #7, PKCS #11, PKCS #12,
S/MIME, TLS, SSL v2 and v3,
X.509 v3 certificates, and other security standards.
Furthermore, NSS itself is comply with FIPS 140-2, it is crucial
cretia to meet requirements
of governments and financial institutions.

The proven tracking records of NSS/JSS have made it a perfect choice
for managing security
on smartphone platforms.

The popular smartphone platforms are listed as follows :

Platform                               Develop Language
Android phone/tablet           Java/C
iPhone/iPad/iPod                 C
Symbian/Maemo/MeeGo     C
Blackberry                            Java
Windows Mobile                   C
Palm Pre/webOS                 C

Currently, the targeted plaforms of porting NSS/JSS are Android and iPhone.
It is understood that not every platform vendor provides suitable
development kit to build NSS/JSS.
It is desirable to have platform vender support.

Other related open-source projects are listed as follows for reference:
1) Android™ Keystore V2
http://android-keystore-v2.webpki.org/
http://webpki.org/auth-token-4-the-cloud.html

2) Secure Element Evaluation Kit for the Android platform
http://code.google.com/p/seek-for-android/

3) CoolKey
http://directory.fedoraproject.org/wiki/CoolKey

4) OpenSC
http://www.opensc-project.org/opensc

5) PCSC-Lite
http://pcsclite.alioth.debian.org/

6) MUSCLE
http://www.linuxnet.com/info.html



On Wed, Aug 25, 2010 at 5:11 PM, Wan-Teh Chang <wtc@xxxxxxxxxx> wrote:

On Wed, Aug 25, 2010 at 1:39 PM, msm Li <mlimsm1@xxxxxxxxx> wrote:

First thing first, does Mozilla have such plan to port NSS/JSS to smart
phone
platform ?

Mozilla doesn't use JSS, so Mozilla is unlikely to work on
porting JSS to new platforms.

Mozilla is porting NSS to Android.  I have not seen any
NSS patches for iPhone, so I don't know if Mozilla is
porting NSS to iPhone.

I am interested in the project you proposed.  Why do you
want to port JSS?

Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@xxxxxxxxxxxxxxxxx
https://lists.mozilla.org/listinfo/dev-tech-crypto





_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Home]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

Powered by Linux
Google
  Web www.spinics.net