Re: Proposed changes to the add-on update mechanism - Mozilla

This is a discussion on Re: Proposed changes to the add-on update mechanism - Mozilla ; Varun wrote: > a) Why I don't prefer to host on AMO: I do, but also on my own > > b) using https: No, but I'd very much want to identify myself with a > > c) only allow ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: Proposed changes to the add-on update mechanism

  1. Re: Proposed changes to the add-on update mechanism

    Varun wrote:
    > a) Why I don't prefer to host on AMO: I do, but also on my own
    >
    > b) using https: No, but I'd very much want to identify myself with a
    >
    > c) only allow ssl updates: No. I'd guess half the extension authoring
    >
    > d) digital signature: paid signature- no. I would not choose to


    So, what is your proposed solution? Leave your users open to attacks via
    compromised WiFi?

    > Question: -what's teh bug number for this one on bugzilla?


    Bug 378216

    --BDS

  2. Re: Proposed changes to the add-on update mechanism

    Varun wrote:
    > Thanks for the interrogative response. Accordingly you should be able
    > to find a way that the client can verify that the 'expected' file is
    > coming from the 'expected' source. Thus two clear points.


    My posting in mozilla.dev.tech.crypto explains how I would intend to
    implement something secure without ssl or any paid for certificates needed.

    Dave

+ Reply to Thread