Re: Notes on security

>  A) Make the plugin only tell the downloader what to download and not
>     to download it from.

You still need a key - even if the https:// authentication for
itself to prove the connection is to the correct site.

>  B) Sign extension dowloads with a private key.
> A) is considerably simpler. B) offers some more flexibility. (You can
> still handle offload in the A) case by doing redirects.)

Another way to address B is to sign an index of locations of and hashes
for the extensions rather than signing each extension individually. Might
be easier to operate but with B you could use a heirarchy of keys
(gnome->signer) which would let the installer see who (one or many) signed
the package having reviewed it, and also allow revocations.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]