Re: Building and running NSS for Android.

Tue, 10 Jul 2012 12:33:39 -0700 

On 07/09/2012 02:03 PM, Anders Rundgren wrote:

Ian,
Pardon me if I was a bit terse in my response.

What I meant was simple that Operating Systems manage
critical resources but only occasionally keys.  That is,
access to persistent keys should only be done through
OS calls like it has been the case for files since at
least 40 years back.  However, keys have other properties
than files but that still don't make the concept bad; just
different.

Example: A key may be "owned" by a user but it might still not
be granted access by all the user's applications because the
key is (in most cases) provided by another party.  NSS and JDK
seems to be severely lagging in this respect.

I don't think porting NSS to Android necessarily is a prerequisite
for porting Firefox to Android.  IMO, it is rather a disadvantage
with multiple keystores and systems.

Anders


I think you have misunderstood what I was doing.
To date both android and chrome already use NSS ports in android, it's just built in their environment. What I've done is set up NSS so we can build it stand alone (in the NSS environment) and also to build to NSS tools so we can run the NSS tests. This is for 2 reasons 1) to have a big endian platform in our regular tinderbox, and 2) have a tinderbox test for one of the major platforms FF is already supporting. 

bob


On 2012-07-06 12:54, Anders Rundgren wrote:

On 2012-07-06 10:29, ianG wrote:

On 6/07/12 16:14 PM, Anders Rundgren wrote:

On 2012-07-06 01:51, Robert Relyea wrote:

I've gotten NSS to build and mostly run the tests for Android.

Cool!



There are
still a number of tests failing, so the work isn't all done, but it was
a good point to snapshot what I had.

How does this compare/interact with Android's built-in key-store?

I'm personally unconvinced that security subsystems running in the
application's/user's own security context represent the future since
they don't facilitate application-based access control unless each
application does its own enrollment.


The way I see this is that security subsystems running in the app/user's
own security context is sub optimal for development cost purposes.  And,

???


running in the platform's security context is sub optimal for security
motives.

I'm not sure I understand the rationale here.


Where the sweet spot is tends to vary and isn't really a universally
answerable question.

Anders


iang









-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to