IMVVVVVVHO, Firefox/Mozilla should work like Chrome: using the
keystore of each OS, i.e.: MSKeystore on Windows, Keychain on OSX and (a
shared) NSS on Linux.
Similar for Android or other systems.

Probably (surely) this was discussed somewhere and some time ago, but
maybe the time to change has come (?).

On the other hand: Thank you for building this for Android.


On Mon, Jul 9, 2012 at 11:03 PM, Anders Rundgren
<anders.rundg...@telia.com> wrote:
> Ian,
> Pardon me if I was a bit terse in my response.
>
> What I meant was simply that Operating Systems manage
> critical resources but only occasionally keys.  That is,
> access to persistent keys should only be done through
> OS calls like it has been the case for files since at
> least 40 years back.  However, keys have other properties
> than files but that still doesn't make the concept bad; just
> different.
>
> Example: A key may be "owned" by a user but it might still not
> be granted access by all the user's applications because the
> key is (in most cases) provided by another party.  NSS and JDK
> seem to be severely lagging in this respect.
>
> I don't think porting NSS to Android necessarily is a prerequisite
> for porting Firefox to Android.  IMO, it is rather a disadvantage
> with multiple keystores and systems.
>
> Anders
>
> On 2012-07-06 12:54, Anders Rundgren wrote:
>> On 2012-07-06 10:29, ianG wrote:
>>> On 6/07/12 16:14 PM, Anders Rundgren wrote:
>>>> On 2012-07-06 01:51, Robert Relyea wrote:
>>>>> I've gotten NSS to build and mostly run the tests for Android.
>>>
>>> Cool!
>>>
>>>
>>>>> There are
>>>>> still a number of tests failing, so the work isn't all done, but it was
>>>>> a good point to snapshot what I had.
>>>>
>>>> How does this compare/interact with Android's built-in key-store?
>>>>
>>>> I'm personally unconvinced that security subsystems running in the
>>>> application's/user's own security context represent the future since
>>>> they don't facilitate application-based access control unless each
>>>> application does its own enrollment.
>>>
>>>
>>> The way I see this is that security subsystems running in the app/user's
>>> own security context is suboptimal for development cost purposes.  And,
>>
>> ???
>>
>>> running in the platform's security context is suboptimal for security
>>> motives.
>>
>> I'm not sure I understand the rationale here.
>>
>>>
>>> Where the sweet spot is tends to vary and isn't really a universally
>>> answerable question.
>>
>> Anders
>>
>>>
>>> iang
>>>
>>
>>
>
>
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto