Time to dump NSS


Anders Rundgren-2
NSS was designed when physically distributed smart cards were anticipated to become the norm.

This didn't really happen but instead we got mobile devices with support for TEEs (Trusted Execution Environments):

NSS cannot deal with provisioning of TEEs because it doesn't support provisioning of keys in an E2ES (End-To-End-Security) fashion. This is hardly surprising since <keygen> was designed in 1995.

In addition we need entirely new key access protection models:

With a new key-system you could do things like:

There's much more to this but I wanted to hear what Mozilla are thinking regarding key-storage.

I'm prepared to help make this upgrade possible!

Anders Rundgren
dev-security mailing list