Nick wrote:
> Can you definitely not sign extensions with a private key?
This is not an option available to any of my extensions or apps,
unfortunately. There's reference to it in the documentation, but I've
never seen this as an option for apps or for my developer account.
> Could you then force the extension to check the key before updating
> itself? Probably not, it's probably well outside of the extension's
> control, and besides, if you're worried about an evil Google, hey,
> they control the browser, so you've already lost.
> Nick
Walled gardens have issues, this is definitely true.
I had a discussion with Google's Ryan Sleevi about adding the option
to check SSL certificates against a hardcoded set [webrequest api hook],
but they were clear that API access to the cert isn't going to happen.
(This had been an ongoing discussion some time ago with others involved
in circumvention). They instead want people to rely on certificate
pinning. In Firefox, certificates can be accessed by extensions and
checked against a list to detect MITM (CertPatrol being the most popular
way to do this). But it doesn't seem like this will ever really be an
option for Google developers, which is a bummer.
Tom Ritter wrote:
> Except if Google really wanted they could push down an update to
> bypass that. It'd be more work though.
It's true. But that at least limits the attack surface to just one or
two parties, and as I said the change wouldn't go unnoticed. I'm fairly
paranoid about such things, particularly given that the project is
intended as a pointed "fuck you" to the surveillance state. ^_^;;
> Anyway, I don't think any of this makes the extension worthless, far
> from it, I just wanted to understand the attacks possible for
> malicious extension update and for malicious Google. Thanks for your
> work!
Thanks for checking it out! ^_^
best,
Griffin
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change
to digest, or change password by emailing moderator at compa...@stanford.edu.