Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) (→Signing: bugs moved to top.) |
| Line 27: | Line 27: | ||
=== Signing === | === Signing === | ||
** [META] Tracking bug for Signing implementation of New Security Model {{Bug|1153420}} | ** [META] Tracking bug for Signing implementation of New Security Model {{Bug|1153420}} | ||
Bug XXX - Marketplace to generate new signed packages | Bug XXX - Marketplace to generate new signed packages | ||
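Review bot: The entries under the tracking bug still read "Bug XXX" while the meta bug is linked with {{Bug|1153420}}, so a reader cannot follow or check the status of any of them. File the bugs and link each one with the same {{Bug|...}} template, or mark the items explicitly as not yet filed.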
| Line 34: | Line 32: | ||
Bug XXX- Marketplace infrastructure to support protection of sensitive APIs | Bug XXX- Marketplace infrastructure to support protection of sensitive APIs | ||
Bug XXX- Marketplace infrastructure to support approving developer for specific permissions (low priority) | Bug XXX- Marketplace infrastructure to support approving developer for specific permissions (low priority) | ||
Bug XXX - Developer/Reviewer tools for creating signed packages for testing | |||
Bug XXX - Developer/Reviewer tools for creating signed | |||
bug XXX - provide blocklisting mechanism for apps | bug XXX - provide blocklisting mechanism for apps | ||
bug xxx - enable hosting signed packages on developer server. Depends on blocklisting. | bug xxx - enable hosting signed packages on developer server. Depends on blocklisting. | ||
Bug XXX - moved signed packages to seperate user content domain | Bug XXX - moved signed packages to seperate user content domain | ||
Bug xxx - have separate domains per-package (low priority) | Bug xxx - have separate domains per-package (low priority) | ||
We will require that all content which uses "sensitive APIs" is signed. For now only the firefox marketplace will be allowed to do the signing. Possibly this will be changed in the future, but that's likely more a policy change than a code change. | |||
Signing is done by having the developer package the content into a package and submit it to the mozilla marketplace. The marketplace will review the app and then add a signature to the package. The developer can then download the signed package and upload to the developer's website. | |||
♦ '''Issue:''' Should we allow other forms manual review of each app? Can the marketplace "review a developer" and give the developer access to automatic signing? | |||
The format used for the packaging will be the one defined in the [https://github.com/w3ctag/packaging-on-the-web W3C packaging spec draft]. A header is added to the package to indicate that it's a signed package. The advantage of this packaging format, compared to zip, is that it's streamable. | The format used for the packaging will be the one defined in the [https://github.com/w3ctag/packaging-on-the-web W3C packaging spec draft]. A header is added to the package to indicate that it's a signed package. The advantage of this packaging format, compared to zip, is that it's streamable. | ||
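Review bot: The signing paragraph in this hunk says the developer can download the signed package and upload it to the developer's website, but the bug list in the same hunk says hosting signed packages on a developer server depends on blocklisting. State that dependency in the paragraph itself, so the flow does not read as available before a blocklisting mechanism exists. Separately, the line "Bug XXX - Developer/Reviewer tools for creating signed" stops mid-phrase beside "creating signed packages for testing"; if the shorter one is the new text, it has lost "packages for testing".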
| Line 53: | Line 50: | ||
♦ '''Issue:''' Decide on exact signature format. Should we require that the signature-files live at the start of the package. That way we'd always have the signature available before the file contents covered by the signature. | ♦ '''Issue:''' Decide on exact signature format. Should we require that the signature-files live at the start of the package. That way we'd always have the signature available before the file contents covered by the signature. | ||
=== Verifying signatures === | === Verifying signatures === | ||
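Review bot: The open issue on signature placement leaves the streaming case undefined: the format is chosen for being streamable, yet nothing in these lines says what a client may do with file contents that arrive before the signature covering them. Either resolve the issue in favour of signature files at the start of the package, or add a sentence stating that content is not used until the signature covering it has been verified, unless the "Verifying signatures" section already says so. The second sentence of the issue is also a question and should end with a question mark.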