On Mon, Mar 19, 2012 at 3:19 PM, Andreas Gal <[email protected]> wrote:

> I think the same system works just fine, with a twist. For highly privileged
> APIs only trusted stores can grant access

andreas - it's fine to propose such, but first you have to actually
think it through: how is that enforced?

> and those stores can require to host your code from a domain they control.

again: how is that enforced?

it's no good proposing such simple things, sounding so simple, if,
when you think it through, it turns out to be meaningless as it
doesn't fulfil the security requirements.

> This requires much less reinventing the web than the signature idea.

actually... if you follow that uri proposal ("apt://" or "yum://") you
actually have zero "web-reinventing" _and_ you get proper signatures
and everything that goes with it.

i didn't propose the apt:// idea just to make a lot of work for the
B2G team, i proposed it because it will actually make *less* work to
achieve the goal *and* offer damn good security infrastructure.

> The Mozilla store for example can require that all highly trusted apps are
> hosted at app5472.mozilla.org etc.

... which, again, and i apologise for having to repeat this, means
that app5472.mozilla.org becomes a single-point-of-failure for all
highly trusted apps.

you have to think these things through, andreas!

l.
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security