Native Client Configuration

Wesley Miaw edited this page Aug 19, 2014 · 6 revisions

This configuration applies to native client applications that include custom code and data to support their MSL configuration. Examples include iOS, Android, or CE set-top box firmware.

The MSL stack is assumed to be preinstalled or installed as an application and to contain data that can be used to authenticate remote entities. It may be possible for the MSL stack to be modified by the client user or an unauthorized third party via an exploit.

The keys must be protected against exposure or unauthorized use in all cases.

Entity Authentication

The pre-shared keys, model group keys, or NP-Ticket entity authentication schemes will be supported.

User Authentication

All user authentication schemes will be supported. The exact scheme used will depend upon the desired sign-up and sign-in user experience.

Key Exchange

The JSON Web Encryption key ladder or JSON Web Key key ladder key exchange schemes will be used with the pre-shared keys and model group keys entity authentication schemes. The initial key exchange will use the pre-shared keys or model group keys wrapping key. Each subsequent key exchange will use the previously returned wrapping key.
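The ladder progression described above, as an added sketch that is not MSL project code: the first exchange is unwrapped with the pre-shared key, and each later exchange with the wrapping key returned by the one before. The response layout, the field names `wrapkey` and `sessionkey`, the per-entity server state, and the HMAC-based `wrap`/`unwrap` (a stand-in for the real JWE/JWK key wrap) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Stand-in keystream: HMAC-SHA256 in counter mode, XORed over the data.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(kek, key):
    # Authenticated wrap (assumed stand-in, not AES key wrap).
    nonce = os.urandom(16)
    ct = _xor(kek, nonce, key)
    return nonce + ct + _mac(kek, b"tag" + nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag" + nonce + ct)):
        raise ValueError("unwrap failed: stale or wrong wrapping key")
    return _xor(kek, nonce, ct)

class Server:
    """Hypothetical server tracking one entity's current wrapping key."""
    def __init__(self, psk):
        self.current = psk            # first exchange uses the pre-shared key

    def exchange(self):
        new_wrap, session = os.urandom(16), os.urandom(16)
        resp = {"wrapkey": wrap(self.current, new_wrap),   # under previous rung
                "sessionkey": wrap(new_wrap, session)}     # under new rung
        self.current = new_wrap       # next exchange must use this key
        return resp, session

class Client:
    def __init__(self, psk):
        self.wrapping_key = psk

    def process(self, resp):
        new_wrap = unwrap(self.wrapping_key, resp["wrapkey"])
        session = unwrap(new_wrap, resp["sessionkey"])
        self.wrapping_key = new_wrap  # replaces the PSK; protect it equally
        return session
```

A client that fails to persist the returned wrapping key cannot unwrap the next response, so the stored wrapping key needs the same protection as the pre-shared key it replaces.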

The asymmetric wrapped or Diffie-Hellman key exchange schemes will be used with the NP-Ticket entity authentication scheme.