I think that it is reasonable to expose this sort of information to
web extensions, and - for some things - possibly even to the web.

I don't think that we should start with nsISSLStatus directly.  Though
it does have some relevant values, we should be careful to specify -
and justify - individual values.  A short list of the things you care
about and a reason for each would be quite helpful.

On Fri, Jan 27, 2017 at 4:44 AM, Giorgio Maone <gior...@maone.net> wrote:
> Hello everybody,
>
> In https://bugzilla.mozilla.org/show_bug.cgi?id=1322748#c4 David Keeler
> suggested to bring this issue up in a public forum in order to decide
> how and how much to expose of the nsISSLStatus interface and its
> dependencies to WebExtensions, considering that many Firefox add-ons use
> it either to provide enhanced security UIs or to enforce stricter
> security policies tailored to specific use cases.
>
> Additionally, exposing also ECDHE/DHE parameters has been asked for the
> same reasons ( https://bugzilla.mozilla.org/show_bug.cgi?id=1312195 ).
>
> The most natural place to provide WebExtensions with this data is, IMHO,
> in webRequest.onBeforeSendHeaders or in an ad-hoc event (onConnect?)
> which needs anyway to be called before any HTTPS payload is actually
> exchanged on the wire.
>
> Personally (i.e. for the purposes of the Tails Download and Verify
> Extension which I maintain) I would be fine with a thin wrapper over
> nsISSLStatus and nsIX509Cert, but platform developers, security guys and
> other add-ons authors likely have different but hopefully reconcilable
> views on this matter, therefore I'm cross-posting to dev-platform,
> dev-security and dev-addons hoping for the best outcome.
>
> Cheers
>
> --
> Giorgio Maone
> https://maone.net
>
>
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform