I think the lack of progress [*] here has a lot to do with the fact that there's really nothing to gather around. Making security solutions for security-conscious people is probably quite fun but since this only addresses a tiny fraction of the market the urge for consolidation seems pretty limited.
The "Gold Standard" for Internet-payments is still after more than 15 years with on-line banking using Card Numbers and CCVs printed in clear on plastic cards. IMO, the only way to change this would be to introduce secure key-store primitives in the CPU; then there would finally be something to focus on! The only "fly in the soup" is that there's no paying customer out there which is one reason why this "market" has been largely ignored. Personally I don't see the problem; the money is in the services. 0.05 mm2 of silicon real estate is probably all that it takes. Smart cards is for the < 1% market. br ar *] For the *NIX community it might be reassuring to know that not even the latest Android- and iOS-releases support deployment of two-factor authentication tokens. Nobody (AFAIK at least) use the built-in enrollment solutions for mobile banking On 2012-07-24 16:23, David Woodhouse wrote: > On Tue, 2012-07-24 at 16:12 +0200, Anders Rundgren wrote: >> IMO, this is not an NSS issue, it is rather a *NIX issue. All other >> operating systems (that I'm aware of NB...) including *NIX-derivates >> like Android, already have a system-wide cryptographic architecture. > > Yes. It's an issue I'm actively trying to solve. NSS seems to have made > some *attempt* at solving it... which has some issues, and which doesn't > even seem to have been picked up by Mozilla's own products. > > I'm trying to work out whether I should attempt to fix what NSS has and > build on top of it, or whether it should just be discounted as a bad > idea and I should do something completely different. > > I'd *prefer* to get something based on the NSS sysdb to work, and make > it work in GnuTLS/OpenSSL/etc via PKCS#11. But that's just my initial > prejudice. > > > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
