Security use cases for packaging

2015-01-29 Thread Yan Zhu
Hi all, looking over the W3C TAG packaging draft [1], I would like to see security through package signing as a use case for packaging. A hypothetical scenario using Google/Yahoo's End to End email encryption project: 1. User goes to https://cryptomail.yahoo.com/app.pack for the first time. The

Re: Security use cases for packaging

2015-01-29 Thread Yan Zhu
Chris Palmer wrote: But other code from the same origin might not be signed, which could break the security assertion of code signing. Maybe the code from the downloaded package has to be run from a local origin like chrome://*.

Re: Security use cases for packaging

2015-01-29 Thread Yan Zhu
devdatta wrote: Maybe the code from the downloaded package has to be run from a local origin like chrome://*. Doesn't the same issue that Chris raised still exist? You need a unit of isolation that says only code signed with this public key runs in this isolation compartment. Chrome

Re: Security use cases for packaging

2015-01-29 Thread Yan Zhu
2015-01-29 20:14:59 -0500, Yan Zhu wrote: A signed manifest-like package description that lists the hash and location of every resource seems fine as long as all the resources are downloaded and verified before running the app. Perhaps this kills some of the performance benefits motivating

Re: Security use cases for packaging

2015-01-29 Thread Yan Zhu
On Thursday, January 29, 2015 6:25 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On Thu 2015-01-29 20:14:59 -0500, Yan Zhu wrote: A signed manifest-like package description that lists the hash and location of every resource seems fine as long as all the resources are downloaded