On Mon, Mar 19, 2012 at 12:31 PM, Ben Francis <b...@krellian.com> wrote:

> Having said that, one thing I'm unsure about is the restriction of "one web
> app per origin" and "one origin per web app". Do you think this is
> flexible enough in practice?

 flexibility is not the only concern.  a manifest with wildcards on
the permitted files cannot be digitally signed.  if it can't be
digitally signed, it can't be verified.  if it can't be verified, you
can kiss security goodbye as you can no longer make any guarantees,
and thus cannot meet sensible security requirements.

 if however the manifest specified each and every single file, then it
turns out that not only can you do several apps "per origin" so to
speak but also the manifest can be signed.

 of course it goes without saying that once you have a manifest
specifying each and every file and the manifest is digitally-signed,
that's conceptually equivalent to an apt or yum package.

 l.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
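The check described above, as an added example that is not part of the thread: a manifest that enumerates every file with its digest can be signed and verified, while a wildcard entry leaves nothing to verify. The package contents and key are constructed, and HMAC-SHA256 stands in for a real asymmetric signature (an assumption made to keep the example self-contained).

```python
import hashlib
import hmac
import json

# Constructed sample "package": path -> file contents (stands in for files on disk).
PACKAGE = {
    "index.html": b"<html><body>hello</body></html>",
    "app.js": b"console.log('hi');",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> bytes:
    """List every file with its digest; canonical JSON keeps the signed bytes stable."""
    entries = {path: sha256_hex(content) for path, content in sorted(files.items())}
    return json.dumps({"files": entries}, sort_keys=True, separators=(",", ":")).encode()


def sign(manifest: bytes, key: bytes) -> str:
    # HMAC-SHA256 stands in for a real signature scheme (assumption for this example).
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()


def verify(manifest: bytes, signature: str, key: bytes, files: dict) -> list:
    """Return a list of problems; an empty list means the package matches the signed manifest."""
    problems = []
    # The manifest itself must be authentic before any entry in it is trusted.
    if not hmac.compare_digest(sign(manifest, key), signature):
        return ["manifest signature invalid"]
    listed = json.loads(manifest)["files"]
    for path, digest in listed.items():
        if "*" in path:
            # A pattern names no concrete bytes, so there is no digest to compare against.
            problems.append(f"wildcard entry {path!r} cannot be verified")
            continue
        if path not in files:
            problems.append(f"listed file missing: {path}")
        elif sha256_hex(files[path]) != digest:
            problems.append(f"digest mismatch: {path}")
    # Anything shipped but not listed escaped the signature entirely.
    for path in files:
        if path not in listed:
            problems.append(f"unlisted file present: {path}")
    return problems
```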
