Hi Julien,
What is Oracle's interest in NSS?

IMO, NSS and JDK are behind the rest of the crypto world due to the
lack of integration with the target OS.

It is possible that this is a non-issue for server companies like Red Hat
but for Mozilla OS it spells disaster.  That is, cryptographic keys
should be access-controlled by the OS regardless of whether the key resides in a
file or in a "machine".  With OS-level access-control you can eventually add
an application-discriminator as well.  I believe the latter is more or less
a prerequisite for supporting a GlobalPlatform-like SE:

http://code.google.com/p/seek-for-android/wiki/AccessControlIntroduction
I believe this is featured in the Google Wallet.

Trusted GUIs for PIN codes are also a part of such a plot.  Can trusted GUIs
be spoofed?  Yes, but with a properly designed platform it doesn't really matter
because the crypto module won't care about PINs supplied through other means
if that is the policy set on the key.  This obviously requires that the
crypto stuff runs in a trusted process rather than in a user context.

Anders

On 2012-12-14 03:35, Julien Pierre wrote:
> Hi Kai,
> 
> Good to see you stick around in the Mozilla crypto world.
> Are there big projects coming up in NSS land? Or did somebody leave the 
> project?
> 
> Thanks,
> Julien
> 
> On 12/13/2012 08:10, Kai Engert wrote:
>> Brendan Eich suggested posting to this list, too
>> (already posted yesterday to Mozilla's dev-planning list).
>>
>>
>> Hello Mozilla, I'd like to announce a change.
>>
>> PSM is the name of Mozilla's glue code for PKI related [1] security
>> features, such as certificate management, web based certificate
>> enrollment, tracking the security state of web pages (padlock/EV),
>> application preferences for certificate validation,
>> SSL error reporting, handling of certificate exceptions,
>> user interface for SSL client authentication, etc.
>>
>> After having contributed to this module for over 11 years,
>> it's time for me to step down from the PSM module ownership role.
>>
>> The new module owner of PSM will be Brian Smith.
>>
>> I've switched my main focus to the NSS security libraries [2],
>> and to PKI features across Linux applications in general.
>>
>> PSM operates on top of NSS, thereby I'll continue to indirectly
>> contribute to Mozilla's projects.
>>
>> I'd like to thank the people who have contributed to the PSM module
>> over time, and I'd like to thank my employer Red Hat, Inc., which has
>> allowed me to make PSM a priority during the previous 7 years and
>> continues to support my work on NSS.
>>
>> Regards
>> Kai
>>
>> [1] http://en.wikipedia.org/wiki/Public_key_infrastructure
>> [2] https://developer.mozilla.org/en-US/docs/NSS
>>
>>
> 

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
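
The per-key policy argument in Anders' message above, as an added example that is not part of the original thread and is not NSS or JDK code: a small model of a key service in a trusted process that enforces an application discriminator and refuses a PIN that did not arrive through the channel named in the key's policy. All names (`KeyService`, `wallet-key`, the app ids, the PIN, the channel labels) are hypothetical, and the caller identity and PIN channel are assumed to be asserted by the OS rather than by the calling application.

```python
import hashlib
import hmac
from dataclasses import dataclass

TRUSTED_UI = "trusted-ui"  # PIN collected by the platform's own PIN dialog
APP_SUPPLIED = "app"       # PIN handed over by the calling application

def _hash_pin(pin):
    # Simplified for the model; a real module would use a salted KDF.
    return hashlib.sha256(pin.encode()).digest()

@dataclass(frozen=True)
class KeyPolicy:
    allowed_apps: frozenset  # application discriminator
    pin_source: str          # the only PIN channel this key accepts
    pin_hash: bytes

class KeyService:
    """Stands in for a crypto module running in a trusted process."""
    def __init__(self):
        self._keys = {}

    def provision(self, name, secret, pin, allowed_apps, pin_source=TRUSTED_UI):
        policy = KeyPolicy(frozenset(allowed_apps), pin_source, _hash_pin(pin))
        self._keys[name] = (secret, policy)

    def sign(self, app_id, name, message, pin, pin_channel):
        # Assumption: app_id and pin_channel are asserted by the OS, not the caller.
        secret, policy = self._keys[name]
        if app_id not in policy.allowed_apps:
            raise PermissionError("application not allowed by key policy")
        if pin_channel != policy.pin_source:
            # A correct PIN from the wrong channel is still refused.
            raise PermissionError("PIN channel not accepted by key policy")
        if not hmac.compare_digest(_hash_pin(pin), policy.pin_hash):
            raise PermissionError("wrong PIN")
        return hmac.new(secret, message, hashlib.sha256).digest()

def outcome(svc, app_id, pin, pin_channel):
    try:
        svc.sign(app_id, "wallet-key", b"constructed message", pin, pin_channel)
        return "signed"
    except PermissionError as exc:
        return str(exc)

def demo():
    svc = KeyService()  # constructed sample key, PIN and app ids below
    svc.provision("wallet-key", b"constructed secret", "4711", {"org.example.wallet"})
    return [outcome(svc, "org.example.wallet", "4711", TRUSTED_UI),
            outcome(svc, "org.example.wallet", "4711", APP_SUPPLIED),
            outcome(svc, "org.example.other", "4711", TRUSTED_UI)]
```

The second outcome is the spoofed-GUI case: the PIN is correct, but it reached the service through the application rather than the trusted dialog, so the key stays unusable.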
