Talk:Extension Manager:Addon Update Security: Difference between revisions

Talk:Extension Manager:Addon Update Security (view source)

392 bytes added , 14 July 2007

added another vote for not requiring updateHashes

2

edits

@@ Line 36: / Line 36: @@
 . Suppose install.rdf contains an em:updateURL of https://foo.com/update.rdf. When FF retrieves the resource at https://foo.com/update.rdf, FF will install the update even if no em:updateHash element exists (assuming there are no problems with the certificate for foo.com). If, however, em:updateHash does exist, it is checked for validity against the update.
 * This is currently incorrect. The current version of the proposal requires updateHashes to be present at all times. There have been suggestions that this should be dropped in the event that the updateLink is on a secure server but that has not been finally decided. --[[User:Mossop|Mossop]]
+** I would like to see the requirement for updateHashes dropped if SSL is used for the updateLink (assuming that does not leave any security holes).  Why?  Because for some of my company's extensions we generate a custom .xpi file on the fly at download time (in order to embed user preferences and so on)... which makes it very expensive to provide an updateHash.  --[[User:mcs|Mark Smith]]
 . Suppose install.rdf contains no updateURL. FF EM exclusively contacts AMO via https:// for updates.