NSS in Firefox OS

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

NSS in Firefox OS

Anders Rundgren
I've heard about the Firefox OS but haven't been able to find much information about the internals, at least not the crypto-part.

Anyway, I guess that Firefox OS uses NSS?
Is it still is based on the idea that key access is done in the application context rather than through a service?

Anders
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: NSS in Firefox OS

Brian Smith-31
Anders Rundgren wrote:
> Anyway, I guess that Firefox OS uses NSS?
> Is it still is based on the idea that key access is done in the
> application context rather than through a service?

B2G (Firefox OS) does use NSS. Nothing has changed regarding the process separation between Gecko and the private key material.

However, B2G uses a process separation model where the Gecko parent (chrome) process is separated from the web content.

Cheers,
Brian
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: NSS in Firefox OS

Vishal-12
In reply to this post by Anders Rundgren
On Saturday, October 20, 2012 10:33:58 PM UTC+5, Brian Smith wrote:
> Anders Rundgren wrote: > Anyway, I guess that Firefox OS uses NSS? > Is it still is based on the idea that key access is done in the > application context rather than through a service? B2G (Firefox OS) does use NSS. Nothing has changed regarding the process separation between Gecko and the private key material. However, B2G uses a process separation model where the Gecko parent (chrome) process is separated from the web content. Cheers, Brian

Can someone give a detailed view if how smime works in nss ?
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

How does SMIME work in NSS (was Re: NSS in Firefox OS)

Brian Smith-31
Vishal wrote:

> On Saturday, October 20, 2012 10:33:58 PM UTC+5, Brian Smith wrote:
> > Anders Rundgren wrote: > Anyway, I guess that Firefox OS uses NSS?
> > > Is it still is based on the idea that key access is done in the
> > > application context rather than through a service? B2G (Firefox
> > OS) does use NSS. Nothing has changed regarding the process
> > separation between Gecko and the private key material. However,
> > B2G uses a process separation model where the Gecko parent
> > (chrome) process is separated from the web content. Cheers, Brian
>
> Can someone give a detailed view if how smime works in nss ?

I don't work on S/MIME stuff. If I had to learn it, I would start by reading the source code to cmsutils, and the header files for lib/smime.

http://mxr.mozilla.org/security/source/security/nss/cmd/smimetools/cmsutil.c
http://mxr.mozilla.org/security/source/security/nss/lib/smime/cmst.h
http://mxr.mozilla.org/security/source/security/nss/lib/smime/cms.h
http://mxr.mozilla.org/security/source/security/nss/lib/smime/smime.h

Then, I would search for "SMIME" in the Thunderbird source code:
https://mxr.mozilla.org/comm-central/search?string=SMIME&case=1&find=&findi=&filter=^[^\0]*%24&hitlimit=&tree=comm-central

Cheers,
Brian

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Root Certificates in Firefox OS (was Re: NSS in Firefox OS)

Rob Stradling
In reply to this post by Brian Smith-31
On 20/10/12 18:33, Brian Smith wrote:
<snip>
> B2G (Firefox OS) does use NSS.

Brian,

I presume that Firefox OS trusts NSS's "Built-in" Root Certificates [1],
but what (if anything) does Firefox OS do for EV SSL?

Does Firefox OS import PSM's list of EV-enabled Root Certificates? [2]

Thanks.


[1]
https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt

[2]
https://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsIdentityChecking.cpp

<snip>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Root Certificates in Firefox OS (was Re: NSS in Firefox OS)

Rob Stradling
On 18/04/13 13:54, Rob Stradling wrote:

> On 20/10/12 18:33, Brian Smith wrote:
> <snip>
>> B2G (Firefox OS) does use NSS.
>
> Brian,
>
> I presume that Firefox OS trusts NSS's "Built-in" Root Certificates [1],
> but what (if anything) does Firefox OS do for EV SSL?
>
> Does Firefox OS import PSM's list of EV-enabled Root Certificates? [2]

https://bugzilla.mozilla.org/show_bug.cgi?id=787155#c10 seems to answer
my question.

"...B2G doesn't have an EV indicator anyway".

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Root Certificates in Firefox OS (was Re: NSS in Firefox OS)

Brian Smith-31
Rob Stradling wrote:
> > I presume that Firefox OS trusts NSS's "Built-in" Root Certificates
> > [1], but what (if anything) does Firefox OS do for EV SSL?

As you found, Firefox OS doesn't have an EV UI, and in fact I just disabled the EV validation logic in B2G for performance reasons, given that it was wasted effort without a UI.

> > Does Firefox OS import PSM's list of EV-enabled Root Certificates?
> > [2]

It did, but I just disabled that since it wasn't being used for anything.

Note that this wasn't a policy decision. It could be that we will have an EV indicator in the future on B2G. I expect we will eventually try to make all our products consistent, one way or another.

Cheers,
Brian
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto