Hello, I want to say I totally support the idea of removing packaged apps. IMHO, I think we need a way to move from online to offline applications in a transparent way in order to make the "installation" process almost trivial. For this purpose some mechanism like the offline cache is necessary. If the current implementation is buggy, let's find a better alternative.

For the problems exposed by Jonas, I'm not an expert, but some of them can be easily addressed:

On 08/07/13 23:31, Ben Francis wrote:
> In his email, Jonas proposed the following requirements for trusted apps:
>
> 1. The ability for a trusted party to review an app and indicate some level of trust in the app (or potentially in the app developer).

With a list of downloadable content to be installed (something like the Offline Cache), a third party could retrieve a version of the software, then review it.

> 2. A mechanism for signing an app to verify that the app actually contains the content that was reviewed.

With a digest algorithm based on the content of each file, the third party and the User Agent could compute the same signature and see if it matches. I have in mind something SHA-1-based, like in Git. At least, it is all about content.

> 3. Use of a minimum CSP policy for all pages of an app to ensure only the reviewed code runs.

Sorry, but I don't understand the problem here. I can currently load an external script from a packaged application and run its code.

> 4. A separate data jar for local data to ensure a compromised web site can not write to the local data of an app to alter the way it behaves.

If the UA receives an update order for the Offline Cache of a given App, it can compute another digest and send it to the third party in order to see if the new code has been reviewed. Maybe I did not understand what a compromised web site is in this context or how it could be a hazard.

> 5. A separate origin for the resources of an app so that the app can not be tricked into running un-reviewed code from the same origin with escalated privileges.

Same as above. With the digest mechanism you can tell if the version the third party reviewed and the device version differ, then ask the user. If you think the digest process delays application execution, that is true, but you can cover this time by adding it to the "installation/update process". Maybe I'm very naive about security, so if you can clarify some aspects I did not take into account, I would be very pleased to read about them. Best!

_______________________________________________
dev-b2g mailing list
https://lists.mozilla.org/listinfo/dev-b2g
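The content-digest scheme the poster sketches above (a reviewer and the User Agent each hash every file of the app, compare a single summary digest, and on an update recompute it to see whether the installed code is still the reviewed code) can be shown concretely. The following is an added example written for this page, not code from the poster, from Mozilla or from the B2G project. It assumes an in-memory map of file paths to file bytes standing in for the Offline Cache contents (constructed sample data), and it uses SHA-256 with a Git-style `blob <length>\0` header rather than the SHA-1 the post mentions; that choice is the example's own. `file_digest`, `build_manifest`, `root_digest`, `compare_manifests` and `check_update` are hypothetical helper names.

```python
import hashlib
import json

# Constructed sample "app" contents (path -> bytes). This stands in for the
# files a third party would fetch from the Offline Cache list and review.
REVIEWED_APP = {
    "manifest.webapp": b'{"name": "Demo", "launch_path": "/index.html"}',
    "index.html": b'<!doctype html><script src="app.js"></script>',
    "app.js": b"console.log('hello');",
}


def file_digest(data: bytes) -> str:
    # Git-style: hash a "blob <size>\0" header followed by the content, so the
    # digest is bound to the file's length as well as its bytes. SHA-256 is
    # an assumption of this example; the post mentions a SHA-1 scheme like Git's.
    h = hashlib.sha256()
    h.update(b"blob %d\0" % len(data))
    h.update(data)
    return h.hexdigest()


def build_manifest(files: dict) -> dict:
    """Per-file digests keyed by path; reviewer and UA compute the same thing."""
    return {path: file_digest(content) for path, content in sorted(files.items())}


def root_digest(manifest: dict) -> str:
    # Canonical serialisation (sorted keys, no whitespace) so both parties hash
    # identical bytes regardless of how their dicts were built.
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def compare_manifests(reviewed: dict, installed: dict) -> dict:
    """Explain a root-digest mismatch: which paths were added, removed or changed."""
    return {
        "added": sorted(set(installed) - set(reviewed)),
        "removed": sorted(set(reviewed) - set(installed)),
        "modified": sorted(
            p for p in reviewed if p in installed and reviewed[p] != installed[p]
        ),
    }


def check_update(reviewed_root: str, installed_files: dict, reviewed_manifest: dict) -> dict:
    """What the UA does when an update arrives: recompute, compare, and report.

    A mismatch is the signal to refuse silently applying the update and ask the
    user (or the reviewing party) instead, as the post suggests.
    """
    installed_manifest = build_manifest(installed_files)
    installed_root = root_digest(installed_manifest)
    matches = installed_root == reviewed_root
    return {
        "matches": matches,
        "installed_root": installed_root,
        "diff": {} if matches else compare_manifests(reviewed_manifest, installed_manifest),
    }


if __name__ == "__main__":
    reviewed_manifest = build_manifest(REVIEWED_APP)
    reviewed_root = root_digest(reviewed_manifest)
    print("reviewed root:", reviewed_root)

    # Identical content on the device: digests agree, nothing to ask the user.
    print(check_update(reviewed_root, dict(REVIEWED_APP), reviewed_manifest))

    # An update that changes one script: the root differs and the UA can name the file.
    updated = dict(REVIEWED_APP)
    updated["app.js"] = b"console.log('hello, changed');"
    print(check_update(reviewed_root, updated, reviewed_manifest))
```

The per-file manifest is what makes the scheme useful beyond a yes/no answer: when the root digest differs, the UA can tell the user or the reviewer exactly which files changed, and the reviewer only needs to re-read those. Note that the digest alone proves the content matches what was reviewed; it does not say who reviewed it, so in practice the reviewer's root digest would itself be carried in a signature from the trusted party.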
