On 2/27/18 4:15 PM, Wayne Thayer wrote: > On Tue, Feb 27, 2018 at 3:40 PM, Peter Saint-Andre via > dev-security-policy <dev-security-policy@lists.mozilla.org > <mailto:dev-security-policy@lists.mozilla.org>> wrote: > > On 2/27/18 3:26 PM, Hanno Böck via dev-security-policy wrote: > > Hi, > > > > On Tue, 27 Feb 2018 09:20:33 -0700 > > Wayne Thayer via dev-security-policy > > <dev-security-policy@lists.mozilla.org > <mailto:dev-security-policy@lists.mozilla.org>> wrote: > > > >> This capability existed in the legacy Firefox extension system that > >> was deprecated last year. It was used to implement stricter security > >> mechanisms (e.g. CertPatrol) and to experiment with new mechanisms > >> such as Certificate Transparency and DANE. > > > > Wouldn't be a good compromise to say: Extensions can downgrade > > security, but they can't upgrade it? > > > In the bug I referenced as [2], people said that they specifically need > to be able to override "negative" certificate validation decisions, so > they may not see this as a compromise. I think an example would be a > site serving a self-signed certificate for a DANE add-on to validate. > > > Don't you mean the other way around? Otherwise, we're creating a > powerful footgun. > > I assume that by "downgrade", Hanno meant "change the UI to indicate a > bad cert" and by "upgrade" he meant "indicate a valid cert in the UI > when validation has failed".
OK, we're all in agreement but using opposite terminology. :) Peter
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
