Apps/WebApplicationReceipt/GenerationService: Difference between revisions

Jump to navigation Jump to search

Apps/WebApplicationReceipt/GenerationService (view source)

Revision as of 12:59, 6 April 2012

381 bytes removed ,  6 April 2012
→‎Conclusions / Action Items
Line 155: Line 155:
* server ip compromise could allow push of signing cert from root cert to malicious server.
* server ip compromise could allow push of signing cert from root cert to malicious server.
* multiple refunds against non-valid transactions or just too many refunds.
* multiple refunds against non-valid transactions or just too many refunds.
=== Conclusions / Action Items ===
* Who :: What :: By when
* Bill to verify with Justin about plan for receipt revocation
* Need to design and implement a receipt reissue system
* Review to verify daily keys are correctly destroyed each day
* Need to alter receipt verification to cope with the proposed signing chain
* need to define process for recovation/re-issue of root key
== Action Items ==
== Action Items ==
* Who :: What :: By when
* Who :: What :: By when
Curtisk
canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/417328"

Navigation menu