Confirmed users
491
edits
Apps/WebApplicationReceipt/GenerationService: Difference between revisions
Jump to navigation
Jump to search
Apps/WebApplicationReceipt/GenerationService (view source)
Revision as of 21:00, 28 March 2012
, 28 March 2012→Comments / Concerns / Clarification Needed
m (→Threat Model) |
|||
| Line 65: | Line 65: | ||
== Comments / Concerns / Clarification Needed == | == Comments / Concerns / Clarification Needed == | ||
* [mcoates - 2012-03-28] We refer to sites e.g. "Within a given site". Do we mean data centers? | |||
* [mcoates - 2012-03-28] Need to specifiy that the receipt verfication service hosted by mozilla is only accessible via HTTPS | |||
* [mcoates - 2012-03-28] review Bug needed - review implementation to ensure daily private keys are correctly destroyed | |||
* [mcoates - 2012-03-28] Threat #2 - More discussion is needed here to understand this requested control "Infrasec will correlate the signing activity log with actual requests from the Marketplace. " | |||
== Action Items == | == Action Items == | ||