Time to dump NSS

Anders Rundgren-2
NSS was designed when physically distributed smart cards were anticipated to become the norm.

This didn't really happen but instead we got mobile devices with support for TEEs (Trusted Execution Environments):
http://webpki.org/papers/SKS-KeyGen2_FullStack.pdf

NSS cannot deal with provisioning of TEEs because it doesn't support provisioning of keys in an E2ES (End-To-End-Security) fashion. This is hardly surprising since <keygen> was designed in 1995.

In addition we need entirely new key access protection models:
http://webpki.org/papers/key-access.pdf

With a new key-system you could do things like:
https://mobilepki.org/WebCryptoPlusPlus

There's much more to this but I wanted to hear what Mozilla are thinking regarding key-storage.

I'm prepared to help make this upgrade possible!

Cheers,
Anders Rundgren
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security