Nelson Bolyard wrote:
> Jonas Sicking wrote, On 2008-08-13 10:32:
>> Nelson Bolyard wrote:
>>> Jonas Sicking wrote, On 2008-08-11 20:33:
>>>
>>>> I would strongly recommend against using signed files at all. It's
>>>> something that we want to get rid of since the security model is so poor.
>>> Jonas, please enlighten us with an explanation of that claim.
>> Signed files are a bad security model. It gives the page way more access
>> than they should have, thus potentially putting users at risk. Hence we
>> want to get rid of it.
>
> I believe you're saying that the browser grants too much access to signed
> files. The issue is not with the signatures on the files, but with the
> access that the browser grants to them.

Yes

> Is getting rid of signed files
> necessary to solve the problem of browser granting them too much access?

Well, we should not grant any special privileges to files just because they are signed. Not sure if it makes a lot of sense to keep signing once we fix that?

> With DNS spoofing on the rise, and MITM attacks becoming more prevalent
> (for non SSL sites), is it wise to lessen our resistance to spoofed
> downloads?

Is signing helping with these things at all? A MITM can simply replace the whole signed file with an infected unsigned one.

/ Jonas

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
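An added illustration of the last point in the thread, written for this page and not taken from the thread or from Mozilla's code: when a verifier checks signatures only if one is present, an in-path attacker who substitutes an unsigned file is never detected; the substitution is caught only when an acceptance policy requires a valid signature. The sample file contents and key are constructed, and HMAC-SHA256 stands in for a real asymmetric file signature so the example runs with the standard library.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data for this example (not from the thread).
SIGNING_KEY = b"example-signing-key"                      # stand-in for the publisher's key
GENUINE_FILE = b"update package v1: legitimate contents"
REPLACED_FILE = b"update package v1: substituted contents"  # what an in-path attacker would serve


def sign(data: bytes, key: bytes = SIGNING_KEY) -> bytes:
    """Stand-in signature. A real signed file carries an asymmetric signature;
    HMAC is used here only so the example runs without third-party libraries."""
    return hmac.new(key, data, hashlib.sha256).digest()


def signature_valid(data: bytes, signature: Optional[bytes], key: bytes = SIGNING_KEY) -> bool:
    """True only when a signature is present and matches the data."""
    if signature is None:
        return False
    return hmac.compare_digest(sign(data, key), signature)


def accept_optional_signing(data: bytes, signature: Optional[bytes]) -> bool:
    """Policy the thread criticises: a signature is checked if present, but an
    unsigned file is still accepted, so stripping the signature defeats the check."""
    if signature is not None:
        return signature_valid(data, signature)
    return True


def accept_required_signing(data: bytes, signature: Optional[bytes]) -> bool:
    """Policy under which signing resists substitution: unsigned or
    mis-signed files are rejected outright."""
    return signature_valid(data, signature)


def demo() -> dict:
    """Run both policies against the genuine file and an attacker's replacements."""
    genuine_sig = sign(GENUINE_FILE)
    attacker_sig = sign(REPLACED_FILE, b"attacker-key")  # attacker lacks the real key
    return {
        "genuine_optional": accept_optional_signing(GENUINE_FILE, genuine_sig),
        "unsigned_swap_optional": accept_optional_signing(REPLACED_FILE, None),
        "genuine_required": accept_required_signing(GENUINE_FILE, genuine_sig),
        "unsigned_swap_required": accept_required_signing(REPLACED_FILE, None),
        "resigned_swap_required": accept_required_signing(REPLACED_FILE, attacker_sig),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```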