W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

Re: Security use cases for packaging

From: Brad Hill <hillbrad@gmail.com>
Date: Thu, 29 Jan 2015 22:04:22 +0000
Message-ID: <CAEeYn8izPtJ9+4yA_HEXMZwdkJGYE6rBGc9a=cudj8hHSPVOjw@mail.gmail.com>
To: Yan Zhu <yzhu@yahoo-inc.com>, Chris Palmer <palmer@google.com>
Cc: "public-webapps@w3.org" <public-webapps@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Deian Stefan <deian@cs.stanford.edu>
Paging (future Dr.) Deian Stefan to the ER...

Any thoughts on using COWL for this kind of thing, with a pinned crypto key
as a confinement label to be combined with the regular Origin label?


On Thu Jan 29 2015 at 1:43:05 PM Yan Zhu <yzhu@yahoo-inc.com> wrote:

> chris palmer wrote:
> > But other code from the same origin might not be signed, which could
> > break the security assertion of code signing.
> Maybe the code from the downloaded package has to be run from a local
> origin like chrome://*.
Received on Thursday, 29 January 2015 22:04:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:43 UTC