Gavin;
I am hopeing that only the storage is being played with! Tracking the
items you mentioned:
1) RFC 1945 does discribe HTTP 1.0 protocol. But makes no mention of the
actions we are looking at. There is a great deal of 'content' that can fit
in the HTTP protocol.
2) Looking at the PSM security page, it seems to be old and not very
specific. I did find:
"PSM 2.0 Plan
# Existing SDR functionality (used to support the Password Manager)."
This might be the functionality, but not very specific. Now what is the "SDR"?
"PSM 2.0 Task list
Configure UI Context for SDR (Secret Decoder Ring) objects
(Mozilla base code ? wallet)"
Somehow I don't think I will find an RFC for that Secret Decoder Ring.
The documentation at that location are generalized specification. The
actual APIs used to implement the functionality seems to be missing....
Victor probo
gavin long wrote:
> Victor Probo wrote:
>
>> I understand the implications of the browser
>> storing/obscurring/encryptiong data to make the user's life easier.
>> What I am asking for are pointers to the API (Application
>> Programming Interface) so I know what those headers are, or how to
>> get the PSM to pass private keys for escrow.
>
> > *Where are the specs/docs?*
>
> Disclaimer: I am not a security expert or a PSM expert, so I can only
> guess about details.
>
> The "disable PSM" being referred to in this thread is, I believe, simply
> a case of switching off the auto form-completions stuff for reasons
> we're both aware of. I am not aware of any methods to do that, but I
> suspect that Moz will do so based on HTTP headers.
>
> HTTP headers will be detailed in the HTTP specs (RFC 1945, I think).
> mozilla is PROBABLY only using standard ones.
>
> In any case, you're best heading over to n.p.m.security.
> http://www.mozilla.org/docs/#security might have useful docs
>
