Pete Collins wrote:
While there is plenty of built-in CAs giving free certs away for
email I don't know of any doing this for code signing, I can't see
how you can enforce this (for mozilla plug-ins) without either having
the code signed by a person other then the person writing the code,
or people loosing interest in making add-ons for mozilla...
Well it seems there are two options:
1. finding good solutions to securing extensions now
2. finding good solutions to securing extensions after some major
exploit has tarnished the credibility of Mozilla based browsers
Option 2. Only then will we know how much work to
put into protecting the system.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
