On 05/28/2014 06:30 PM, Andrew Sutherland wrote:
== Proposed solution for exceptions / allowing connections

There are a variety of options here, but I think one stands above the others. I propose that we make TCPSocket and XHR with mozSystem take a dictionary that characterizes one or more certificates that should be accepted as valid regardless of CA validation state. Ideally we could allow pinning via this mechanism (by forbidding all certificates but those listed), but that is not essential for this use-case. Just a nice side-effect that could help provide tighter security guarantees for those who want it.

Note: I've sent an email to the W3C sysapps list (the group standardizing http://www.w3.org/2012/sysapps/tcp-udp-sockets/) about this. It can be found in the archive at http://lists.w3.org/Archives/Public/public-sysapps/2014May/0033.html

Andrew
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
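
A sketch of the accept/reject decision the proposal above implies, added here as an example and not taken from the post or from any Mozilla code. The dictionary shape (`sha256`, `pinOnly`), the function names and the sample fingerprints are assumptions made for illustration; the post does not define them.

```javascript
// Added illustration. The dictionary fields are hypothetical, not a Mozilla API.

// Canonical form of a SHA-256 fingerprint: 64 lowercase hex digits,
// or null when the input is malformed.
function normalizeFingerprint(fp) {
  if (typeof fp !== 'string') return null;
  const hex = fp.replace(/[:\s]/g, '').toLowerCase();
  return /^[0-9a-f]{64}$/.test(hex) ? hex : null;
}

// certOverrides (hypothetical): { sha256: [fingerprint, ...], pinOnly: boolean }
// presented: { sha256: fingerprint of the server's leaf certificate,
//              caValid: result of ordinary CA validation }
function decideConnection(presented, certOverrides) {
  const seen = normalizeFingerprint(presented.sha256);
  if (seen === null) {
    return { allow: false, reason: 'malformed-presented-fingerprint' };
  }

  const overrides = certOverrides || {};
  const listed = (overrides.sha256 || []).map(normalizeFingerprint);
  // A malformed entry is a caller bug: fail closed instead of ignoring it.
  if (listed.includes(null)) {
    return { allow: false, reason: 'malformed-override-entry' };
  }

  // A listed certificate is accepted regardless of CA validation state.
  if (listed.includes(seen)) return { allow: true, reason: 'listed-certificate' };
  // Pinning: forbid every certificate that is not listed, even a CA-valid one.
  if (overrides.pinOnly) return { allow: false, reason: 'not-in-pin-set' };
  // No override applies, so ordinary CA validation decides.
  return presented.caValid
    ? { allow: true, reason: 'ca-validated' }
    : { allow: false, reason: 'ca-validation-failed' };
}

// Constructed sample fingerprints (not real certificates).
const SELF_SIGNED = 'AB:'.repeat(31) + 'AB'; // colon-separated, upper case
const OTHER = 'cd'.repeat(32);               // bare lower-case hex

// Self-signed server certificate that the app listed explicitly.
console.log(decideConnection({ sha256: 'ab'.repeat(32), caValid: false },
                             { sha256: [SELF_SIGNED] }));
// CA-valid certificate that is outside the pin set.
console.log(decideConnection({ sha256: OTHER, caValid: true },
                             { sha256: [SELF_SIGNED], pinOnly: true }));
```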
