12
edits
Talk:Extension Manager:Addon Update Security: Difference between revisions
Talk:Extension Manager:Addon Update Security (view source)
Revision as of 19:36, 9 July 2007
, 9 July 2007fixed bolding
m (fixed bolding) |
|||
| Line 22: | Line 22: | ||
* That is correct. However in order for the updateURL to be used at all it must be digitally signed. --[[User:Mossop|Mossop]] | * That is correct. However in order for the updateURL to be used at all it must be digitally signed. --[[User:Mossop|Mossop]] | ||
**So the resource at http://foo.com/update.rdf would never be retrieved? In other words, both https:// URLs in install.rdf | **So the resource at http://foo.com/update.rdf would never be retrieved? In other words, both https:// URLs in install.rdf '''and''' em:updateHash values in update.rdf are required? --[[User:Grimholtz|Grimholtz]] 12:35, 9 July 2007 (PDT) | ||
2. Suppose install.rdf contains an em:updateURL of https://foo.com/update.rdf. When FF retrieves the resource at https://foo.com/update.rdf, FF will install the update even if no em:updateHash element exists (assuming there are no problems with the certificate for foo.com). If, however, em:updateHash does exist, it is checked for validity against the update. | 2. Suppose install.rdf contains an em:updateURL of https://foo.com/update.rdf. When FF retrieves the resource at https://foo.com/update.rdf, FF will install the update even if no em:updateHash element exists (assuming there are no problems with the certificate for foo.com). If, however, em:updateHash does exist, it is checked for validity against the update. | ||