Bug 1153422 (nsec-verify)

[META] Tracking bug for Verifying Signatures implementation of New Security Model

RESOLVED WONTFIX

Status

Firefox OS
General
P1
normal
RESOLVED WONTFIX
3 years ago
a year ago

People

(Reporter: jgong, Unassigned)

Tracking

(Depends on: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [newsecurity])

User Story

This is a V3 initiative for a New Security Model.  https://wiki.mozilla.org/FirefoxOS/New_security_model

This Meta Bug is for tracking the "Verifying signatures" implementation, a sub-component of the bigger New Security Model project. https://wiki.mozilla.org/FirefoxOS/New_security_model#Verifying_signatures.

********
Verify Signatures 

To load a webpage in a signed package, the user navigates to a URL like "https://website.com/RSSReader2000/package.pak!//index.html". The part before the "!//" is the URL to the package itself. The part after the "!//" is the resource path inside the package.

So loading signed content does not require an installation to happen. Simply navigating to a URL like the above is enough.

When the user navigates to such a page, Gecko will download the package from the webserver. Gecko will then see in the header of the package that the package is signed.

Before serving any resources from the package to the rest of Gecko, the network layer will first wait for the signatures to be loaded from the package. It will also verify that the resource that is currently being loaded is covered by, and matches, the signature.
(Reporter)

Description

3 years ago
This is a V3 initiative for a New Security Model.  https://wiki.mozilla.org/FirefoxOS/New_security_model

This Meta Bug is for tracking the "Verifying signatures" implementation, a sub-component of the bigger New Security Model project. https://wiki.mozilla.org/FirefoxOS/New_security_model#Verifying_signatures
(Reporter)

Updated

3 years ago
User Story: (updated)
Summary: [META] Tracking bug for Signing implementation of New Security Model → [META] Tracking bug for "Verifying Signatures" implementation of New Security Model
(Reporter)

Updated

3 years ago
Depends on: 1153423
(Reporter)

Updated

3 years ago
User Story: (updated)
(Reporter)

Updated

3 years ago
No longer depends on: 1153420
(Reporter)

Updated

3 years ago
Depends on: 1153420
(Reporter)

Updated

3 years ago
Summary: [META] Tracking bug for "Verifying Signatures" implementation of New Security Model → [META] Tracking bug for Verifying Signatures implementation of New Security Model
(Reporter)

Updated

3 years ago
Depends on: 1153428
(Reporter)

Updated

3 years ago
Depends on: 1153432
(Reporter)

Updated

3 years ago
Depends on: 1153433
(Reporter)

Updated

3 years ago
Depends on: 1153435
(Reporter)

Updated

3 years ago
Blocks: 1149545
(Reporter)

Updated

3 years ago
No longer depends on: 1153420
(Reporter)

Updated

3 years ago
Depends on: 1153420
(Reporter)

Updated

3 years ago
Blocks: 1153420
No longer depends on: 1153420
(Reporter)

Updated

3 years ago
Blocks: 1153435
No longer depends on: 1153435
(Reporter)

Updated

3 years ago
No longer blocks: 1153420, 1153435
Depends on: 1153420, 1153435
(Reporter)

Updated

3 years ago
Blocks: 1153420
No longer depends on: 1153420
(Reporter)

Updated

3 years ago
Blocks: 1153428
No longer depends on: 1153428
(Reporter)

Updated

3 years ago
Blocks: 1153433
No longer depends on: 1153433
(Reporter)

Updated

3 years ago
Blocks: 1153423
No longer depends on: 1153423
(Reporter)

Updated

3 years ago
Blocks: 1153432
No longer depends on: 1153432
(Reporter)

Updated

3 years ago
(Reporter)

Updated

3 years ago
Blocks: 1153423
No longer depends on: 1153423
(Reporter)

Updated

3 years ago
Blocks: 1153449
(Reporter)

Updated

3 years ago
Whiteboard: [NewSecurity] → [newsecurity]
(Reporter)

Updated

3 years ago
Priority: -- → P1
Depends on: 1178518
Alias: nsec-verify
No longer depends on: 1153420
Depends on: 1178525
Depends on: 1178526
Depends on: 1178527
Depends on: 1178533
Depends on: 1178536
Depends on: 1178539
No longer depends on: 1153428, 1153432, 1153433, 1153435
No longer blocks: 1153423, 1153449

Updated

2 years ago
Depends on: 1185439
No longer depends on: 1178533
No longer depends on: 1178536

Updated

2 years ago
Depends on: 1188717
blocking-b2g: --- → 2.5+
blocking-b2g: --- → ---

Updated

2 years ago
Depends on: 1214079
Depends on: 1217694
Depends on: 1218284
Depends on: 1239559
Component: Security → General
Product: Firefox → Firefox OS
(Reporter)

Updated

a year ago
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.