On Tuesday, March 24, 2015 at 1:14:26 AM UTC+1, Dave Huseby wrote:
> Paul and I were discussing this in the context of the proposed
> crypto-ish hardware framework. I'm replying here to get some more
> eyes on what we discussed.
>
> Using apps to provide services via IAC of some form is a good approach
> to adding support for crypto-ish hardware (e.g. secure elements,
> yubikeys, hardware bitcoin wallets, hardware entropy sources, etc).
>
> What I'd like to see is crypto-ish hardware manufacturers creating
> signed apps that we can grant access to restricted APIs for talking to
> their hardware (i.e. Yubico writes a signed Yubikey app that gets
> access to their hardware and can respond to IAC requests from other
> apps).
>
> This avoids having to figure out how to give 3rd party apps direct
> access to the hardware. It puts the responsibility of supporting a
> piece of hardware into the hands of the manufacturer. It allows for
> supporting a multiplicity of crypto-ish hardware without having a
> specific API for each one.
>
> I'm currently attempting to build a prototype certified app that will
> access a Secure Element and respond to IAC requests from other
> certified apps.
>
> Some of the prototype use cases we've thought of are:
>
> 1. Storing an encryption key on the Secure Element and using it to
> encrypt/decrypt email credentials so that we no longer store them in
> the clear.
>
> 2. Creating a generic key store Secure Element applet and allowing
> other apps to generate and store the keys on the Secure Element
> instead of on the flash.
>
> 3. Implementing a shared secret + time one-time-password applet for
> the Secure Element and using that for two-factor auth.
>
> Ultimately, I want 3rd-party apps to be able to talk to the service
> apps, but for now I'm just trying to prove that this is viable for
> certified apps.
>
> WDYT?

This sounds very interesting. Would these services be available in the "Open Web"? Would they be useful for other platforms as well?
