On Tue, Nov 18, 2014 at 7:40 PM, Boris Zbarsky <bzbar...@mit.edu> wrote:
> On 11/18/14, 10:26 PM, Michaela Merz wrote:
>> First: We need signed script code.
> For what it's worth, Gecko supported this for a while.  See
> <http://www-archive.mozilla.org/projects/security/components/signed-scripts.html>.
> In practice, people didn't really use it, and it made the security model a
> _lot_ more complicated and hard to reason about, so the feature was dropped.
> It would be good to understand how proposals along these lines differ from
> what's already been tried and failed.

The way we did script signing back then was nutty in several ways. The
signing we do in FirefoxOS is *much* simpler. Simple enough that no
one has complained about the complexity that it has added to Gecko.

Sadly, enhanced security models that use signing by a trusted party
inherently lose a lot of the advantages of the web. It means that
you can't publish a new version of your website by simply uploading
files to your webserver whenever you want. And it means that you can't
generate the script and markup that make up your website dynamically
on your webserver.

So I'm by no means arguing that FirefoxOS has the problem of signing solved.

Unfortunately no one has been able to solve the problem of how to
grant web content access to capabilities like raw TCP or UDP sockets
in order to access legacy hardware and protocols, or how to get
read/write access to your photo library in order to build a photo
manager, without relying on signing.

Which has meant that the web so far is unable to "compete with native"
in those areas.

/ Jonas
