Hello everybody, In https://bugzilla.mozilla.org/show_bug.cgi?id=1322748#c4 David Keeler suggested to bring this issue up in a public forum in order to decide how and how much to expose of the nsISSLStatus interface and its dependencies to WebExtensions, considering that many Firefox add-ons use it either to provide enhanced security UIs or to enforce stricter security policies tailored on specific use cases.
Additionally, exposing also ECDHE/DHE parameters has been asked for the same reasons ( https://bugzilla.mozilla.org/show_bug.cgi?id=1312195 ). The most natural place to provide WebExtensions with this data is, IMHO, in webRequest.onBeforeSendHeaders or in an ad-hoc event (onConnect?) which needs anyway to be called before any HTTPS payload is actually exchanged on the wire. Personally (i.e. for the purposes of the Tails Download and Verify Extension which I maintain) I would be fine with a thin wrapper over nsISSLStatus and nsIX509Cert, but platform developers, security guys and other add-ons authors likely have different but hopefully reconcilable views on this matter, therefore I'm cross-posting to dev-platform, dev-security and dev-addons hoping for the best outcome. Cheers -- Giorgio Maone https://maone.net _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
