W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: Security use cases for packaging

From: Brad Hill <hillbrad@gmail.com>
Date: Thu, 29 Jan 2015 22:04:22 +0000
Message-ID: <CAEeYn8izPtJ9+4yA_HEXMZwdkJGYE6rBGc9a=cudj8hHSPVOjw@mail.gmail.com>
To: Yan Zhu <yzhu@yahoo-inc.com>, Chris Palmer <palmer@google.com>
Cc: "public-webapps@w3.org" <public-webapps@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Deian Stefan <deian@cs.stanford.edu>
Paging (future Dr.) Deian Stefan to the ER...

Any thoughts on using COWL for this kind of thing, with a pinned crypto key
as a confinement label to be combined with the regular Origin label?


On Thu Jan 29 2015 at 1:43:05 PM Yan Zhu <yzhu@yahoo-inc.com> wrote:

> chris palmer wrote:
> > But other code from the same origin might not be signed, which could
> > break the security assertion of code signing.
> Maybe the code from the downloaded package has to be run from a local
> origin like chrome://*.
Received on Thursday, 29 January 2015 22:04:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC