Closed
Bug 1047274
Opened 10 years ago
Closed 9 years ago
Need revocation for add-on signing certificates
Categories
(Core :: Security: PSM, defect)
RESOLVED
WONTFIX
People
(Reporter: dveditz, Unassigned)
We can always blocklist a bad add-on, but we also need to be able to revoke the signing certificates used to sign them. If a developer leaks their private key we don't want to punish all that developer's current users by blocking a perfectly good add-on, we simply want to prevent someone else from misusing the cert.
Reporter
Comment 2•10 years ago
We can put this in a (much) later phase. If we do all the signing ourselves then blocking the add-on (by version if appropriate) is effectively equivalent to revoking the cert. We'd only have to worry about long-lived certs that might get stolen, such as the hotfix add-on.
If we ever progress to the point of issuing certificates to external folks then yes, we would want this. I expect we would piggy-back on the "OneCRL" mechanism mgoodwin created.
Flags: needinfo?(dveditz)
Comment 3•9 years ago
We closed bug 1047269 as won't fix. Reopen this if we reopen that.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX