Gdestuynder (talk | contribs) |
| Line 140: | Line 140: | ||
* [andym 2012-04-08] "When a user agent notices that a receipt is approaching its expiry date" I haven't seen anything to suggest that receipts themselves have expiry dates. | * [andym 2012-04-08] "When a user agent notices that a receipt is approaching its expiry date" I haven't seen anything to suggest that receipts themselves have expiry dates. | ||
* [kang 2012-05-11] In Appendix B, the public key which is the root of the trust is stored on a HTTPS webserver. This means if the webserver is compromised, the key can be replaced by any key and the applications will trust it (which may be what you meant by "compromise SSL"). A possible recommendation would be to generate 2 keys in the HSM, lets call them master key and sub key. The master key sign the sub pub key, and we place it on the HTTPS webserver. All apps verify up to the master key, enforcing that, any key must be signed by the HSM master key in order to be trusted (so if someone replace the key on the HTTPS webserver it won't work. he would have to also compromise the HSM) | |||
===Security Review Notes=== | ===Security Review Notes=== | ||
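Review bot: the added [kang 2012-05-11] item says "All apps verify up to the master key" but never says how an app obtains the master public key. If that key is also fetched from the HTTPS webserver, an attacker who controls the server can replace both keys and the HSM signature adds nothing. Suggest the item state that the master public key reaches apps by a path independent of that webserver, and that only the signed sub key is published there. The "it" in "we place it on the HTTPS webserver" should also name the signed sub public key explicitly.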