In bug 896620 [1], Marco Castelluccio implemented a new app cert verification mechanism on top of the new insanity::pkix certificate verification library. I'm in the process of making some modifications to his work so that we can land it very soon.
See also bug 889744 [2], where reviewers have had difficulty figuring out how to get the reviewer cert onto their Android phone.

One effect of this new cert verification is that we now have more flexibility in how we choose which certificates are trusted. In particular, we will now be able to trust a particular root certificate for one validation, and then trust a different root certificate for a different validation. Previously, we always had to trust all installed root certificates (that were trusted for object signing) for every validation. This potentially enables us to make the "reviewer cert" mechanism much simpler. I would like to change it so it works like this:

1. Just like before, we would continue to have separate root certificates for production use and for app review.
2. Just like before, we would continue to use the dom.mozApps.signed_apps_installable_from preference to choose which domains can install signed apps.
3. Unlike before, if the path component of the URL of the page from which you are installing the app starts with "/reviewers/", then we would automatically verify the app signature using the reviewer root instead of the production root.
4. Nobody would ever have to root their phone so they can sneak the reviewer cert onto the device; Gecko (and thus FxDesktop, FxAndroid, and FirefoxOS) would already know about the reviewer cert from the beginning.

This proposal hinges on the idea that app reviewers will always install apps that they are reviewing from https://marketplace.firefox.com/reviewers/*. Is this reasonable? It feels a little dirty, but I think that the current reviewer cert mechanism has been so painful to people that the benefit is worth the dirtiness.

I also propose to uplift these changes to Gecko 29 so that we can fix this problem in FxAndroid 29. Hopefully FxDesktop 29 will also be able to make use of it.

I'm planning to implement this tomorrow, assuming there are no objections.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=896620
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=889744

Cheers,
Brian
--
Mozilla Networking/Crypto/Security (Necko/NSS/PSM)
