FirefoxOS/New security model/Meetings/2015-08-19 Notes

From MozillaWiki
Jump to: navigation, search

Henry

  • Bug 1188717 - Store necessary info to cache metadata for packaged web app
    • There is size limit for the cache file meta data. Honza suggests to store the info into the cache body.
  • Bug 1185439 - Packaged apps needs to know the header of the multipart'ed content
    • Landed. Start using it in Bug 1178525.
  • Bug 1178525 - Ensure the package is verified before content is served
    • A WIP patch is attached. (async version)
    • In discussion with Valentin and Honza if the manifest verification should be sync or async. Resource ** ** ** integrity check can be synchronous. However, if the manifest verification is async, we then have to buff** ** er the resource we have downloaded and asynchronously check its integrity.ccccccccccccccccccccc
  • Bug 1186290 - Notify TabParent to switch process when a signed packaged is loading from different origin.
    • Closely working with Kanru for integration lately.

Risk: Need to integrate with Process switch Signature verification Permission/system message registration Tend to land Bug 1178525 without signature/permission/process switch taken into account.


Dimi

  • Bug 1189235 - use originAttribute for ServiceWorkerRegistrar
    • There is discussion about should we change version number of registrar
  • Bug 1191647 - Listen to clear-origin-data in ServiceWorkerManager.cpp
    • fix try error, running try again now

Yoshi

  • Bug 1165466 - Fix up docshell and loadcontext inheriting code in nsIScriptSecurityManager to use originAttributes rather than explicitly querying appid/browser.
  • Working on a new version without making nsILoadContext as [builtinclass]
  • Bug 1165272 - unify Get*CodebasePrincipal with createCodebasePrincipal in nsIScriptSecurityManager.
    • running try now, will send r? today.

Kan-Ru

  • Bug 1170894 - New WIP patch. Most functionality implemented: switch process, notify message-mananger change, cache TabParent, going to about:blank

Ethan

  • Bug 1165267 - Use OriginAttributes for nsCookieService
    • Will upload a WIP patch today
    • TODO: Figure out code path of safe browsing
    • TODO: Figure out automation test of cookies
  • Have to figure out dependency between NGA and NSec

Jonathan

  • Bug 1178518 - Support for verifying signed packages
    • It's almost done, but I couldn't make the signing tool in bug 1059208 produce valid signature to test it. Got SEC_ERROR_UNKNOWN_ISSUER or SEC_ERROR_PKCS7_BAD_SIGNATURE
    • Valentine proposed a small change to interface: async => sync.
    • Risk: may not be able to fully test it by the end of S5


Paul

  • Followup from last week
    • Honza is working on cache pinning (3 days?) and then will move onto 1165269
    • Jan review 1165217
  • Update from Stephanie
    • Starting the permission registration, I believe she spoke with Henry about where to integrate and is now working on a patch this week

[PT ongoing]: We need the original HTTP response header for each resource for verification.(ACTION: discuss further offline)

Retrieved from "https://wiki.mozilla.org/index.php?title=FirefoxOS/New_security_model/Meetings/2015-08-19_Notes&oldid=1090957"