----- Original Message -----
> From: "Jonas Sicking" <[email protected]>
> To: "Jim Straus" <[email protected]>
> Cc: [email protected], [email protected], "ptheriault" <[email protected]>, "Mozilla B2G mailing list" <[email protected]>, [email protected]
> Sent: Friday, March 16, 2012 12:39:31 PM
> Subject: Re: [b2g] OpenWebApps/B2G Security model
>
> As I've stated, I don't want to force app developers to have their
> code inspected by stores, nor do I want to force stores to review
> developers' code. And if a code review hasn't happened I don't see
> what signing the code buys anyone.

I would argue that code signing and code review are orthogonal issues. Code signing doesn't guarantee that the code/binary has been reviewed for malicious behaviour. Instead it gives you some degree of trust that the code originates from author/company X.

> Instead I want stores to verify that they can trust a developer
> through things like contractual means and restricting which set of
> privileges they give an app. It has also been suggested that stores
> should be able to require certain technical security measures from
> the app, like EV Certs and/or certain CSP policies. These sound like
> great ideas to me. Likewise, it would likely be a good idea to have
> minimum requirements on stores that they use things like EV Certs
> and CSP policies.

I think we are in agreement that not all apps should have access to all privileges.

> If we do this, then we can use SSL both to guarantee that the code
> that is delivered to the user is the code that the developers have
> authored, and the security policy that the store intended to entrust
> the code is the policy that is delivered to the user.

SSL doesn't protect us from a server compromise scenario. Though that doesn't matter if the store is a permissions granter, since a compromised store can just grant all permissions to rogue app X.

> / Jonas

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
