Dave Townsend wrote:
> What I want is to be able to establish some trust that the
> update file retrieved is correct, and has not been tampered with,
> intercepted and is as it was originally written by the add-on author.
Link Fingerprints was designed for precisely this purpose, and is currently being implemented in Firefox by Ed Lee, who is sitting next to Dan Veditz:

http://www.gerv.net/security/link-fingerprints/

You get the URL from a trusted source (i.e. the updates.rdf downloaded from addons.mozilla.org over SSL) and then use the fingerprint to verify that the data you get is actually the correct data. You can download it over HTTP, from an "untrusted" site, because if you get the wrong data, the implementation throws it away and tells you so.

No changes would be required to the updates system (apart from update authors having to specify the fingerprint when they register a new update) and they can use any web host they like - cheap, free, whatever. It's much easier to manage than certificates and I believe, for this application, gives equivalent security.

Gerv

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
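The verify-or-discard flow Gerv describes, as an added example (not code from the thread, the Link Fingerprints spec, or Firefox): the publisher attaches a hash to the URL fragment, the client fetches over plain HTTP from any host and keeps the bytes only if they match. The `#!<algo>!<hexdigest>` fragment syntax, the `mirror.example` URL, the payload bytes and the injected `fetch` callable are all assumptions made for this example.

```python
"""Link Fingerprints-style download verification (added example, not the spec's code)."""
import hashlib
import hmac
from urllib.parse import urlsplit, urlunsplit

# Assumed fragment syntax: "#!<algo>!<hexdigest>", e.g. "#!sha256!ab12...".
# Only algorithms this client can verify are accepted; anything else is rejected.
SUPPORTED = {"sha256": hashlib.sha256}
HEX = set("0123456789abcdefABCDEF")


def parse_fingerprint(url):
    """Split a fingerprinted URL into (plain_url, algo, hexdigest).
    Returns (url, None, None) when the URL carries no fingerprint fragment."""
    parts = urlsplit(url)
    frag = parts.fragment
    if not frag.startswith("!"):
        return url, None, None
    pieces = frag.split("!", 2)
    if len(pieces) != 3:
        raise ValueError("malformed fingerprint fragment")
    _, algo, digest = pieces
    algo = algo.lower()
    if algo not in SUPPORTED:
        raise ValueError(f"unsupported fingerprint algorithm: {algo}")
    if len(digest) != SUPPORTED[algo]().digest_size * 2 or not set(digest) <= HEX:
        raise ValueError("malformed hex digest")
    # The fragment is never sent to the server; strip it before fetching.
    return urlunsplit(parts._replace(fragment="")), algo, digest.lower()


def fingerprint_url(plain_url, data, algo="sha256"):
    """Publisher side: attach the fingerprint of `data` to the download URL."""
    return f"{plain_url}#!{algo}!{SUPPORTED[algo](data).hexdigest()}"


def verify_download(url, fetch):
    """Client side: fetch the bytes behind `url` (via the injected `fetch`
    callable, so this runs offline) and return them only if they match the
    fingerprint. A mismatch raises, so tampered data is discarded, never used."""
    plain, algo, digest = parse_fingerprint(url)
    if algo is None:
        raise ValueError("refusing download without a fingerprint")  # policy choice
    data = fetch(plain)
    actual = SUPPORTED[algo](data).hexdigest()
    if not hmac.compare_digest(actual, digest):
        raise ValueError("fingerprint mismatch: download discarded")
    return data


# Constructed sample: an update payload as served by an "untrusted" mirror.
GOOD_PAYLOAD = b"constructed add-on update payload v1.2"
TAMPERED_PAYLOAD = GOOD_PAYLOAD + b" + injected code"
UPDATE_URL = fingerprint_url("http://mirror.example/update.xpi", GOOD_PAYLOAD)
```

Because the fragment never leaves the client, the mirror cannot see or alter the expected hash; only the trusted channel that delivered the URL (here, the SSL-fetched updates.rdf) needs to be authentic.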