I didn't realize the XPI dialog I see is prompted *before* the download.
If the purpose is to protect the user from downloading insecure content, then signature cannot work.
I do not follow.
It's a question of threat model. I think, from a threat model analysis point of view, there is no actual gain in asking the client to confirm before download: an attacker can get him to download dangerous content all the same even if he can't get him to install it. And I was a bit worried whether the check for consistency with the info after downloading was really rock-solid.
But if the check is good, there is no loss either, so it's not an essential point after all, and I'll stop debating it.
But this kind of analysis also shows that the signature should include a description of *what* the signed content is. It would be cleaner with that. Right now, it's possible to rename content that has some valid reason to exist and to be signed, but that some people would not wish to install, so as to pretend it's a different thing, and get those people to install it.
If the user confirms, then we proceed to download the remaining installer file. While this dialog is present, I believe that the download continues into temp space.
I just tested it does not. This could be an improvement. But I think also using only one dialog would be an improvement.
However, I am not sure if this is the right newsgroup for use case discussion on how xpinstall should work. Feel free to move this discussion to the .xpinstall ng.
Well, now that we have discussed that what xpinstall does seems solid, I'd rather switch to how 'revocation'/'validation of content after cert expiration' can/should be handled, and this is strongly dependent on crypto processing.
I think it could be good to include a CRL inside the .rsa file.
Or to have something to automatically get Mozilla to include that CRL in the downloads of the CRL manager.
Hope this helps,
Sure does :-)
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
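The point raised above about signing a description of *what* the content is, as an added example that is not part of the original message or of XPInstall's code: a content-only signature stays valid under any claimed name, while a signed manifest fixes the name the install dialog shows. Assumptions: HMAC with a constructed demo key stands in for the certificate-based signature, and the manifest layout and function names are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: HMAC with a constructed demo key stands in for the publisher's
# certificate-based signature; only the binding of name to content matters here.
DEMO_KEY = b"constructed-demo-key"

def sign(data: bytes) -> str:
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest()

def verify(data: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign(data), sig)

def make_manifest(payload: bytes, name: str, description: str) -> bytes:
    """Hypothetical manifest: what the content is, plus a digest of it."""
    return json.dumps({"name": name, "description": description,
                       "sha256": hashlib.sha256(payload).hexdigest()},
                      sort_keys=True).encode()

def label_to_show(payload: bytes, manifest: bytes, sig: str):
    """Return the signed name to show in the install dialog, or None to refuse."""
    if not verify(manifest, sig):
        return None  # manifest was altered after signing
    fields = json.loads(manifest)
    if fields["sha256"] != hashlib.sha256(payload).hexdigest():
        return None  # manifest belongs to different content
    return fields["name"]

# Constructed sample content and names.
PAYLOAD = b"constructed bytes of a remote administration helper"
CONTENT_ONLY_SIG = sign(PAYLOAD)
MANIFEST = make_manifest(PAYLOAD, "Remote Admin Helper",
                         "Lets a technician control this machine")
MANIFEST_SIG = sign(MANIFEST)

if __name__ == "__main__":
    # Content-only signature: valid whatever name the download page claims.
    print(verify(PAYLOAD, CONTENT_ONLY_SIG))
    # Signed description: the dialog shows the signed name, not a claimed one.
    print(label_to_show(PAYLOAD, MANIFEST, MANIFEST_SIG))
    # Relabelling the manifest after signing breaks the signature.
    relabelled = make_manifest(PAYLOAD, "Free Screensaver", "Harmless")
    print(label_to_show(PAYLOAD, relabelled, MANIFEST_SIG))
```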
