On Fri, Mar 16, 2012 at 5:49 PM, Justin Lebar <[email protected]> wrote:
>> Yes, clearly OWA was not designed with Gaia apps in mind. To be blunt, my
>> opinion at this point is that a model with no code authentication or
>> controls on importing code over plaintext channels is insufficient for a
>> privileged application like Gaia. It would leave Gaia apps open to the most
>> trivial MITM attacks.
>> Lucas.
>
> I understand the bit about code authentication. If the web server
> gets hacked, we're screwed.
Yes. And in the context of 100,000,000 mobile phones, a popular app becomes a reasonable target.

Plus... hmmm... yeah, the whole idea of the manifests just gives you another headache: the app is tied to a particular URL. Now what happens if the app gets a million hits per day? Do you now change the manifest to host on http://amazon.cloud.foo.om? Whoops, you now just changed the signature; the app now has to be reinstalled. Whoops, now someone who used to trust that particular site now has absolutely no idea where to go. Whoops, now you've just exposed people to complete mayhem; they no longer have any real idea of who to trust. Whoops, now you've increased the probability that people will copy the app themselves, add phishing code etc., and it's game over.

l.
