348
edits
Apps/WebApplicationReceipt/GenerationService: Difference between revisions
Apps/WebApplicationReceipt/GenerationService (view source)
Revision as of 21:50, 29 March 2012
, 29 March 2012→Appendix C: Key Compromise and Receipt Reissuance
| Line 90: | Line 90: | ||
* As receipts expire, or more immediately, user agents request new receipts from the Marketplace | * As receipts expire, or more immediately, user agents request new receipts from the Marketplace | ||
* New receipts are generated with the new root key | * New receipts are generated with the new root key | ||
If we don't do the hotfix step, there will be a window of time where user agents are presenting receipts that look good, but contain the revoked key. During this window, applications could be fooled by an attacker using the stolen key. Since the key is certified with a date range, the attacker's ability to produce new receipts would eventually expire - that is, the attacker could still produce valid-looking receipts, but only for date ranges whose not-after date was in the past. | |||
This interaction will require new logic in the user agent and should be communicated to the webapps and B2G teams for review. | This interaction will require new logic in the user agent and should be communicated to the webapps and B2G teams for review. | ||