Talk:Extension Manager:Addon Update Security: Difference between revisions

m (added mossop's sig for clarity)
Line 20: Line 20:


1. Suppose install.rdf contains an em:updateURL of http://foo.com/update.rdf. When FF retrieves the resource at http://foo.com/update.rdf, if the resource does not contain an em:updateHash element or the value of the em:updateHash element is incorrect, the update is not installed.
1. Suppose install.rdf contains an em:updateURL of http://foo.com/update.rdf. When FF retrieves the resource at http://foo.com/update.rdf, if the resource does not contain an em:updateHash element or the value of the em:updateHash element is incorrect, the update is not installed.
* That is correct. However in order for the updateURL to be used at all it must be digitally signed.
* That is correct. However in order for the updateURL to be used at all it must be digitally signed. --[[User:Mossop|Mossop]]


2. Suppose install.rdf contains an em:updateURL of https://foo.com/update.rdf. When FF retrieves the resource at https://foo.com/update.rdf, FF will install the update even if no em:updateHash element exists (assuming there are no problems with the certificate for foo.com). If, however, em:updateHash does exist, it is checked for validity against the update.
2. Suppose install.rdf contains an em:updateURL of https://foo.com/update.rdf. When FF retrieves the resource at https://foo.com/update.rdf, FF will install the update even if no em:updateHash element exists (assuming there are no problems with the certificate for foo.com). If, however, em:updateHash does exist, it is checked for validity against the update.
* This is currently incorrect. The current version of the proposal requires updateHashes to be present at all times. There have been suggestions that this should be dropped in the event that the updateLink is on a secure server but that has not been finally decided.
* This is currently incorrect. The current version of the proposal requires updateHashes to be present at all times. There have been suggestions that this should be dropped in the event that the updateLink is on a secure server but that has not been finally decided. --[[User:Mossop|Mossop]]


3. Suppose install.rdf contains no updateURL. FF EM exclusively contacts AMO via https:// for updates.
3. Suppose install.rdf contains no updateURL. FF EM exclusively contacts AMO via https:// for updates.
* This is correct for a regular install of Firefox yes. Obviously it is possible for users to change the extensions.update.url preference to point anywhere they like, but that should be the only case where this wasn't true. Obviously third party applications may choose to use somewhere else for update checking by default.
* This is correct for a regular install of Firefox yes. Obviously it is possible for users to change the extensions.update.url preference to point anywhere they like, but that should be the only case where this wasn't true. Obviously third party applications may choose to use somewhere else for update checking by default. --[[User:Mossop|Mossop]]




--[[User:Grimholtz|Grimholtz]] 12:18, 9 July 2007 (PDT)
--[[User:Grimholtz|Grimholtz]] 12:18, 9 July 2007 (PDT)
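Review bot: The three added `--[[User:Mossop|Mossop]]` signatures on the replies to points 1, 2 and 3 carry no timestamp, while Grimholtz's signature at the end does (12:18, 9 July 2007 (PDT)). The reply to point 2 refers to "the current version of the proposal" and says the question "has not been finally decided", so without a date a reader cannot tell which state of the proposal that reply describes. Consider adding the date of each original reply beside the signature, and noting that the signatures were added afterwards, as the edit summary implies.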