Extension Manager:Addon Update Security

=== Securing Update Manifests Through Digital Signatures ===
Add-on authors may instead choose to sign the update manifest with a digital signature. To do this they must generate a public/private key pair. They keep the private key secret and include the public key in the add-on (the exact location is TBD, but it will likely be an extra file or a resource in the install.rdf).
The private key is then used to sign the contents of the update manifest, and an additional property of the update manifest will carry the resulting signature.
* Need to provide tools to make this simple, possibly a XULRunner app.
During an update check, the public key in the already installed add-on is used to verify the digital signature against the update manifest's content, ensuring that it has not been tampered with since the author signed it.
If the signature does not verify, which indicates that the update manifest has been tampered with (or was signed with a key other than the one shipped in the add-on), the entire update manifest is ignored and the update check is taken to have failed. It should be noted that this happens even if the update manifest was delivered over an SSL connection: SSL only authenticates the server that delivered the manifest, not the author who is supposed to have produced it.
* What do we do if we have no public key, but the update manifest has a signature and it was delivered over SSL?
* What do we do if we have a public key, but the update manifest has no signature and it was delivered over SSL?
* Need to spec out precisely what the signature is signing.


=== Non-conforming Add-ons ===