Forwarding to dev-tech-crypto where this is more on-topic.

-Dan Veditz
--- Begin Message ---
NSS was designed when physically distributed smart cards were anticipated to 
become the norm.

This didn't really happen but instead we got mobile devices with support for 
TEEs (Trusted Execution Environments):
http://webpki.org/papers/SKS-KeyGen2_FullStack.pdf

NSS cannot deal with provisioning of TEEs because it doesn't support 
provisioning of keys in an E2ES (End-To-End-Security) fashion.  This is hardly 
surprising since <keygen> was designed in 1995.

In addition we need entirely new key access protection models:
http://webpki.org/papers/key-access.pdf

With a new key-system you could do things like:
https://mobilepki.org/WebCryptoPlusPlus

There's much more to this but I wanted to hear what Mozilla are thinking 
regarding key-storage.

I'm prepared to help make this upgrade possible!

Cheers,
Anders Rundgren
_______________________________________________
dev-security mailing list
dev-secur...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security

--- End Message ---