Bug 1792954 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Andreas Wagner [:TheOne] [use NI]

on 2022-09-29 18:19:11 PDT

Add-ons have been (co-)signed using RSA and COSE for a long time.

For MV2 add-ons, we want to change the order of signature verification to the following:

1. Check COSE
    a) If it succeeds, DONE
    b) If it is invalid, FAIL
    c) If it is non-existent, go to 2
2. Check RSA
    a) If it succeeds, DONE
    b) If it is invalid, FAIL
    c) If it is non-existent, FAIL
    d) If SHA1 is disabled, FAIL

For MV3 add-ons, we will use a simplified process that no longer uses PKCS7:

1. Check COSE
    a) If it succeeds, DONE
    b) If it is invalid or non-existent, FAIL

Revision 1 by

Andreas Wagner [:TheOne] [use NI]

on 2022-09-29 18:24:53 PDT

Add-ons have been (co-)signed using RSA and COSE for a long time.

For MV2 add-ons, we want to change the order of signature verification to the following:

1. Check COSE
    a) If it succeeds, DONE
    b) If it is invalid, FAIL
    c) If it is non-existent, go to 2
2. Check RSA
    a) If it succeeds, DONE
    b) If it is invalid, FAIL
    c) If it is non-existent, FAIL
    d) If SHA1 is disabled, FAIL

For MV3 add-ons, we will use a simplified process that no longer uses RSA:

1. Check COSE
    a) If it succeeds, DONE
    b) If it is invalid or non-existent, FAIL

Back to Bug 1792954 Comment 0

Bugzilla

Quick Search

Bug 1792954 Comment 0 Edit History