Talk:Extension Manager:Addon Update Security:Signature: Difference between revisions

It was not apparent to me how those GUIDs or http URLs ensure the authenticity of the content downloaded from the http URLs.  What stops a download from one of those http URLs from being modified in transit?  What ensures that the user who downloads the content of those http URLs is actually getting content from the expected server?  I expected that the signed data would include at least a digest (a hash) of the download, but that is not apparent.  It occurred to me that the thing that looks like a GUID could actually be an MD5 hash.  But it is called an "id", so I doubt that.
== Dave's Reply of 2007-09-16 02:28:05 PST ==


Some answers for you:
2. The signed manifest is the update manifest. This is the update information that is automatically retrieved periodically to find updates for the add-on. It is necessary to sign the update manifest because it can be retrieved over insecure channels. The final downloaded updated add-on (the xpi file) is protected by virtue of the fact that it must either be available on a https url, or there must be a hash provided for the xpi.
== Nelson's Followup of 2007-09-16 13:13:42 PST ==


Dave, I agree that it is reasonable to require that "it must either be available on a https url, or there must be a hash provided for the xpi." but (unless I'm misunderstanding it) the example given on User:Mossop:Fx-Docs:AddonUpdateSignature has neither.  It has http URLs, not https, and I see no hashes in it.  Where's the protection?  Where are the signed hashes in the example?
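The following is an added example, not part of this talk page and not Mozilla's add-on manager code. It implements the rule stated in Dave's reply (the .xpi is accepted only if its link is https, or the signed manifest carries a hash that the downloaded bytes match) and shows why the case Nelson raises (http link, no hash) gets rejected. The field names `updateLink` and `updateHash`, the `<algorithm>:<hex digest>` hash notation, and the sample .xpi bytes are all assumptions constructed for this example; the real manifest format is not shown on this page.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed sample: a stand-in for the bytes of a downloaded .xpi file.
SAMPLE_XPI = b"PK\x03\x04constructed-sample-add-on-bytes"

# Assumed hash notation "<algorithm>:<hex digest>"; the real manifest format is
# not shown on this page, so this is an assumption for the example only.
GOOD_HASH = "sha256:" + hashlib.sha256(SAMPLE_XPI).hexdigest()


def verify_update_entry(update_link, update_hash, downloaded):
    """Apply the rule from the reply: the .xpi is accepted only if it was fetched
    from an https URL, or a hash was supplied in the (signed) manifest and the
    downloaded bytes match it. Returns (accepted, reason)."""
    scheme = urlparse(update_link).scheme.lower()

    if update_hash is None:
        if scheme == "https":
            return True, "https link: transport protects the download"
        # This is the situation Nelson describes: nothing binds the bytes
        # received over plain http to what the signed manifest promised.
        return False, "non-https link and no hash: download could be altered in transit"

    algo, sep, expected = update_hash.partition(":")
    if not sep or not expected:
        return False, "malformed hash entry"
    try:
        actual = hashlib.new(algo.lower(), downloaded).hexdigest()
    except ValueError:
        return False, "unsupported hash algorithm: %s" % algo
    # Constant-time comparison so the check itself does not leak digest prefixes.
    if hmac.compare_digest(actual, expected.lower()):
        return True, "%s digest matches the signed manifest" % algo
    return False, "%s digest mismatch: downloaded file is not the one the manifest describes" % algo


def evaluate_manifest(entries, downloads):
    """Check every entry of a manifest (list of dicts with 'id', 'updateLink' and
    optional 'updateHash'; assumed field names). downloads maps id -> downloaded
    bytes. Returns id -> (accepted, reason)."""
    return {
        e["id"]: verify_update_entry(e["updateLink"], e.get("updateHash"), downloads.get(e["id"], b""))
        for e in entries
    }


if __name__ == "__main__":
    # Constructed manifest entries covering the cases discussed above.
    manifest = [
        {"id": "http-nohash@example.invalid", "updateLink": "http://example.invalid/a.xpi"},
        {"id": "https-nohash@example.invalid", "updateLink": "https://example.invalid/b.xpi"},
        {"id": "http-hash@example.invalid", "updateLink": "http://example.invalid/c.xpi",
         "updateHash": GOOD_HASH},
    ]
    downloads = {e["id"]: SAMPLE_XPI for e in manifest}
    for addon_id, (ok, why) in evaluate_manifest(manifest, downloads).items():
        print("%-6s %s: %s" % ("ACCEPT" if ok else "REJECT", addon_id, why))
```

Running it shows the first entry rejected and the other two accepted; the hash check only has value because the manifest carrying it is itself signed, which is what makes a digest over an http download trustworthy.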