Boris Zbarsky wrote: >> The issue is not with the signatures on the files, but with the >> access that the browser grants to them. Is getting rid of signed files >> necessary to solve the problem of browser granting them too much access? > > We're discussing dropping the ability of signed HTML pages to request > extra access rights. Per above, I do think dropping this ability is > needed to solve the problem of granting such files too much access.
Yes. To make it clearer. I'm not really proposing we remove the feature of signed pages. I don't currently have an opinion on what we would do with the code that deals with signed jars. If it makes sense to keep that for other reasons we of course should. / Jonas _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security