Closed Bug 1178527 Opened 9 years ago Closed 9 years ago

cache the signature check so that we dont need to recheck everytime

Categories

(Core :: Networking, defect, P1)

Product:
Core
Component:
Networking
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Project Flags:
blocking-b2g 2.5+

People

(Reporter: pauljt, Assigned: hchang)

References

Details

We will want to cache the signature check on the new signed packages somehow, so that if the resource remains unchanged, that we do not need to verify the signature check each time.
Assignee: nobody → hchang
Status: NEW → ASSIGNED
Our process here will likely be to simply not cache signed resource if their integrity check fails, so if the content is in the cache we can be sure the content is unmodified. I'll leave open for Henry to close once this approach has been confirmed as valid.
Priority: -- → P1
blocking-b2g: --- → 2.5+
(In reply to Paul Theriault [:pauljt] from comment #1)
> Our process here will likely be to simply not cache signed resource if their
> integrity check fails, so if the content is in the cache we can be sure the
> content is unmodified. I'll leave open for Henry to close once this approach
> has been confirmed as valid.

Since the current packaged web content requesting flow has been changed, all the
packaged content request is managed by PackagedAppService, which means there's
no direct access to the packaged content cache. We can guarantee the cached file 
will not be used unexpectedly until we claim it's available. So, when the cached 
packaged resource is said available, it's guaranteed verified.

I'll close this bug at the moment and reopen it if the architecture changes.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.