FirefoxOS/New security model: Difference between revisions

FirefoxOS/New security model (view source)

Revision as of 19:42, 29 June 2015

2 bytes added , 29 June 2015

→‎Signing

Ptheriault

canmove, Confirmed users

1,220

edits

@@ Line 27: / Line 27: @@
 === Signing ===
 ** [META] Tracking bug for Signing implementation of New Security Model {{Bug|1153420}}
+We will require that all content which uses "sensitive APIs" is signed. For now only the firefox marketplace will be allowed to do the signing. Possibly this will be changed in the future, but that's likely more a policy change than a code change.
+Signing is done by having the developer package the content into a package and submit it to the mozilla marketplace. The marketplace will review the app and then add a signature to the package. The developer can then download the signed package and upload to the developer's website.
+♦ '''Issue:''' Should we allow other forms manual review of each app? Can the marketplace "review a developer" and give the developer access to automatic signing?
+The format used for the packaging will be the one defined in the [https://github.com/w3ctag/packaging-on-the-web W3C packaging spec draft]. A header is added to the package to indicate that it's a signed package. The advantage of this packaging format, compared to zip, is that it's streamable.
+The format used for the signature is still to be determined, but hopefully we can use the same file formats and file names as used today. However it's important that the signatures also cover the header data for each resource, as well as the header data for the package itself.
+♦ '''Issue:''' Decide on exact signature format. Should we require that the  signature-files live at the start of the package. That way we'd always  have the signature available before the file contents covered by the  signature.
 <bugzilla>
@@ Line 36: / Line 52: @@
    }
 </bugzilla>
 Bug XXX - Marketplace to generate new signed packages
 Bug XXX - Marketplace to convert existing packages to new format
@@ Line 46: / Line 61: @@
 Bug XXX - moved signed packages to seperate user content domain
 Bug xxx - have separate domains per-package (low priority)
-We will require that all content which uses "sensitive APIs" is signed. For now only the firefox marketplace will be allowed to do the signing. Possibly this will be changed in the future, but that's likely more a policy change than a code change.
-Signing is done by having the developer package the content into a package and submit it to the mozilla marketplace. The marketplace will review the app and then add a signature to the package. The developer can then download the signed package and upload to the developer's website.
-♦ '''Issue:''' Should we allow other forms manual review of each app? Can the marketplace "review a developer" and give the developer access to automatic signing?
-The format used for the packaging will be the one defined in the [https://github.com/w3ctag/packaging-on-the-web W3C packaging spec draft]. A header is added to the package to indicate that it's a signed package. The advantage of this packaging format, compared to zip, is that it's streamable.
-The format used for the signature is still to be determined, but hopefully we can use the same file formats and file names as used today. However it's important that the signatures also cover the header data for each resource, as well as the header data for the package itself.
-♦ '''Issue:''' Decide on exact signature format. Should we require that the  signature-files live at the start of the package. That way we'd always  have the signature available before the file contents covered by the  signature.
 === Verifying signatures ===

FirefoxOS/New security model: Difference between revisions

FirefoxOS/New security model (view source)

Revision as of 19:42, 29 June 2015

Navigation menu

Search