Jonas Sicking wrote, On 2008-08-13 10:32:
> Nelson Bolyard wrote:
>> Jonas Sicking wrote, On 2008-08-11 20:33:
>>
>>> I would strongly recommend against using signed files at all. It's
>>> something that we want to get rid of since the security model is so poor.
>> Jonas, please enlighten us with an explanation of that claim.
>
> Signed files are a bad security model. It gives the page way more access
> than they should have, thus potentially putting users at risk. Hence we
> want to get rid of it.

I believe you're saying that the browser grants too much access to signed files. The issue is not with the signatures on the files, but with the access that the browser grants to them. Is getting rid of signed files necessary to solve the problem of the browser granting them too much access?

With DNS spoofing on the rise, and MITM attacks becoming more prevalent (for non-SSL sites), is it wise to lessen our resistance to spoofed downloads?

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security