Kyle Hamilton wrote: > You could just as easily have a 'trusted source' by allowing the > plug-in author add their own 'updates to this plugin will come signed > by *this* key' certificates to the other certificates' keystore.
[Note: This thread has morphed into a general discussion of Link Fingerprints, given that we have established that the problem they solve is already solved in the case of Firefox addons (which I assume is what you mean by "plugin"). So they are not necessary in that case.] This is exactly what Dave suggested in his thread "Proposal for improving the security of add-on updates". So I'm afraid I don't understand what point you are making. Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
