On 13/04/11 20:15, Stephen Schultze wrote:
On 4/13/11 2:02 PM, Brian Smith wrote:
Gervase Markham wrote:
On 12/04/11 14:22, Stephen Schultze wrote:
On 4/8/11 6:49 PM, Sid Stamm wrote:
- Implement subscription-based blocklisting of certs via
update ping (remove need to ship patch)

Would it allow third parties to maintain and distribute such
blocklists?

Kai has written a patch to add some infrastructure for extensions to
implement their own similar mechanisms. You may be able to override
the built-in mechanism's server's URL with another one with some pref
hacking, but that would not be "supported" but instead something to
use for testing purposes.

Is there somewhere I can read about this? I don't understand what you
mean by "similar mechanisms."

Kai's patch allows extensions to hook into the certificate trust/untrust system, and make decisions. So you could do that based on a blocklist if you like.

Is it a general structure for fetching
updates of blocklists and doing arbitrary things with them, or something
else?

I'm sorry; we have got two ideas confused here.

I was making the point that we plan to extend Firefox's existing blacklist system, downloaded daily, to have a category for certs.

Brian was making the point that you could use Kai's hook to write an addon which did its own blacklist downloading, using whatever server or format you wanted, and disallowed the certs it heard about.

Gerv
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
