On Tue, Feb 27, 2018 at 3:40 PM, Peter Saint-Andre via dev-security-policy <[email protected]> wrote:

> On 2/27/18 3:26 PM, Hanno Böck via dev-security-policy wrote:
> > Hi,
> >
> > On Tue, 27 Feb 2018 09:20:33 -0700
> > Wayne Thayer via dev-security-policy
> > <[email protected]> wrote:
> >
> >> This capability existed in the legacy Firefox extension system that
> >> was deprecated last year. It was used to implement stricter security
> >> mechanisms (e.g. CertPatrol) and to experiment with new mechanisms
> >> such as Certificate Transparency and DANE.
> >
> > Wouldn't be a good compromise to say: Extensions can downgrade
> > security, but they can't upgrade it?
>

In the bug I referenced as [2], people said that they specifically need to be able to override "negative" certificate validation decisions, so they may not see this as a compromise. I think an example would be a site serving a self-signed certificate for a DANE add-on to validate.

> Don't you mean the other way around? Otherwise, we're creating a
> powerful footgun.
>

I assume that by "downgrade", Hanno meant "change the UI to indicate a bad cert" and by "upgrade" he meant "indicate a valid cert in the UI when validation has failed".

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

