FirefoxOS/New security model/Meetings/2015-08-19 Notes
From MozillaWiki
< FirefoxOS | New security model | Meetings
Henry
- Bug 1188717 - Store necessary info to cache metadata for packaged web app
- There is size limit for the cache file meta data. Honza suggests to store the info into the cache body.
- Bug 1185439 - Packaged apps needs to know the header of the multipart'ed content
- Landed. Start using it in Bug 1178525.
- Bug 1178525 - Ensure the package is verified before content is served
- A WIP patch is attached. (async version)
- In discussion with Valentin and Honza if the manifest verification should be sync or async. Resource ** ** ** integrity check can be synchronous. However, if the manifest verification is async, we then have to buff** ** er the resource we have downloaded and asynchronously check its integrity.ccccccccccccccccccccc
- Bug 1186290 - Notify TabParent to switch process when a signed packaged is loading from different origin.
- Closely working with Kanru for integration lately.
Risk: Need to integrate with Process switch Signature verification Permission/system message registration Tend to land Bug 1178525 without signature/permission/process switch taken into account.
Dimi
- Bug 1189235 - use originAttribute for ServiceWorkerRegistrar
- There is discussion about should we change version number of registrar
- Bug 1191647 - Listen to clear-origin-data in ServiceWorkerManager.cpp
- fix try error, running try again now
Yoshi
- Bug 1165466 - Fix up docshell and loadcontext inheriting code in nsIScriptSecurityManager to use originAttributes rather than explicitly querying appid/browser.
- Working on a new version without making nsILoadContext as [builtinclass]
- Bug 1165272 - unify Get*CodebasePrincipal with createCodebasePrincipal in nsIScriptSecurityManager.
- running try now, will send r? today.
Kan-Ru
- Bug 1170894 - New WIP patch. Most functionality implemented: switch process, notify message-mananger change, cache TabParent, going to about:blank
Ethan
- Bug 1165267 - Use OriginAttributes for nsCookieService
- Will upload a WIP patch today
- TODO: Figure out code path of safe browsing
- TODO: Figure out automation test of cookies
- Have to figure out dependency between NGA and NSec
Jonathan
- Bug 1178518 - Support for verifying signed packages
- It's almost done, but I couldn't make the signing tool in bug 1059208 produce valid signature to test it. Got SEC_ERROR_UNKNOWN_ISSUER or SEC_ERROR_PKCS7_BAD_SIGNATURE
- Valentine proposed a small change to interface: async => sync.
- Risk: may not be able to fully test it by the end of S5
Paul
- Followup from last week
- Honza is working on cache pinning (3 days?) and then will move onto 1165269
- Jan review 1165217
- Update from Stephanie
- Starting the permission registration, I believe she spoke with Henry about where to integrate and is now working on a patch this week
[PT ongoing]: We need the original HTTP response header for each resource for verification.(ACTION: discuss further offline)