Add-on update metadata needs to use content-signing

Status: NEW
Assignee: Unassigned
Product: addons.mozilla.org
Component: Security
Opened: 2 years ago
Updated: 2 months ago
Reporter: dveditz
Blocks: 1 bug
Keywords: sec-want
Firefox Tracking Flags: Not tracked

(Reporter)

Description

2 years ago
+++ This bug was initially created as a clone of Bug #1303183 +++

This is the server-side part of content-signing add-on update metadata.

Since there's only a "Security" component here I suspect this is no longer the right place to file such bugs but I'm not sure where the right place is.
I'll leave the triage privilege to Andy :)

From a backend integration point of view, we need to grant access to the Autograph service to the AMO component that generates the update file. Autograph will compute a Content Signature and return it to AMO to serve alongside the data.

The main question is how many qps we will need to serve. Autograph is currently sized to sign a handful of files per hour, but if the version check data is dynamic, we'll need to sign thousands per second. The service can scale, but it's a potential concern.

(Reporter) Updated 2 months ago
Keywords: sec-want