On Tue, July 10, 2012 12:32 pm, Robert Relyea wrote: > On 07/09/2012 02:03 PM, Anders Rundgren wrote: > > Ian, > > Pardon me if I was a bit terse in my response. > > > > What I meant was simple that Operating Systems manage > > critical resources but only occasionally keys. That is, > > access to persistent keys should only be done through > > OS calls like it has been the case for files since at > > least 40 years back. However, keys have other properties > > than files but that still don't make the concept bad; just > > different. > > > > Example: A key may be "owned" by a user but it might still not > > be granted access by all the user's applications because the > > key is (in most cases) provided by another party. NSS and JDK > > seems to be severely lagging in this respect. > > > > I don't think porting NSS to Android necessarily is a prerequisite > > for porting Firefox to Android. IMO, it is rather a disadvantage > > with multiple keystores and systems. > > > > Anders > > I think you have misunderstood what I was doing. > > To date both android and chrome already use NSS ports in android, it's > just built in their environment. What I've done is set up NSS so we can > build it stand alone (in the NSS environment) and also to build to NSS > tools so we can run the NSS tests. This is for 2 reasons 1) to have a > big endian platform in our regular tinderbox, and 2) have a tinderbox > test for one of the major platforms FF is already supporting. > > bob
Small clarification: Chrome does not use NSS on Android. The discussion so far of Chrome+Android has been in the context of how Chrome runs it unit tests on Android devices, since there are quite a few similarities between Chrome's and Firefox's/NSS's testing needs. Both use buildbot, both have to cross-compile with the NDK, both require tests that involve network services that cannot be hoisted on the device, etc. As NSS is integrated into the Mozilla tinderbox, I've just been trying to provide guidance and experience for how we've solved similar problems. Cheers, Ryan > > > > On 2012-07-06 12:54, Anders Rundgren wrote: > >> On 2012-07-06 10:29, ianG wrote: > >>> On 6/07/12 16:14 PM, Anders Rundgren wrote: > >>>> On 2012-07-06 01:51, Robert Relyea wrote: > >>>>> I've gotten NSS to build and mostly run the tests for Android. > >>> Cool! > >>> > >>> > >>>>> There are > >>>>> still a number of tests failing, so the work isn't all done, but it > >>>>> was > >>>>> a good point to snapshot what I had. > >>>> How does this compare/interact with Android's built-in key-store? > >>>> > >>>> I'm personally unconvinced that security subsystems running in the > >>>> application's/user's own security context represent the future since > >>>> they don't facilitate application-based access control unless each > >>>> application does its own enrollment. > >>> > >>> The way I see this is that security subsystems running in the > >>> app/user's > >>> own security context is sub optimal for development cost purposes. > >>> And, > >> ??? > >> > >>> running in the platform's security context is sub optimal for security > >>> motives. > >> I'm not sure I understand the rationale here. > >> > >>> Where the sweet spot is tends to vary and isn't really a universally > >>> answerable question. > >> Anders > >> > >>> iang > >>> > >> > > > > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
