On Fri, 16 Mar 2012 13:16:54 -0700 Jonas Sicking wrote: > It would > have to be through some mechanism other than through the web server to > add any level of security.
It would be best to bundle them with the hardware or bundle mozillas key that other keys are signed or revoked with. Otherwise you would need to use one of the gpg keyservers and then users hope the first transaction to acquire the master public keys was safe. It could use a few gpg keyservers and a mozilla website and take the average reporting any odd keys to mozilla. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
