On Thursday, January 29, 2015 6:25 PM, Daniel Kahn Gillmor wrote:
>On Thu 2015-01-29 20:14:59 -0500, Yan Zhu wrote:
>> A signed manifest-like package description that lists the hash and
>> location of every resource seems fine as long as all the resources are
>> downloaded and verified before running the app. Perhaps this kills
>> some of the performance benef
devdatta wrote:
>> Maybe the code from the downloaded package has to be run from a local origin
>> like chrome://*.
>
> Doesn't the same issue that Chris raised still exist? You need a unit
> of isolation that says "only code signed with this public key runs in
> this isolation compartment". C
chris palmer wrote:
> But other code from the same origin might not be signed, which could
> break the security assertion of code signing.
Maybe the code from the downloaded package has to be run from a local origin
like chrome://*.
Hi all, looking over the W3C TAG packaging draft [1], I would like to see
security through package signing as a use case for packaging.
A hypothetical scenario using Google/Yahoo's End to End email encryption
project:
1. User goes to https://cryptomail.yahoo.com/app.pack for the first time. The