No subject
Wed Jul 1 18:26:42 PDT 2009
application will only accept update bundles which are signed by a DSA
privkey that matches a pubkey embedded in the app. It'd be nice if
Firefox could do the same. And if Firefox were to establish a
quietly-backwards-compatible convention (i.e. the hash-mark trick) for
strong URL-based authentication of HTTP resources, then other
applications could start using it too, and a significant class of
current web security problems (like the mixed-content one where an HTTPS
page loads a javascript library via HTTP) could be fixed.
cheers,
-Brian
[1]:
http://sparkle.andymatuschak.org/documentation/pmwiki.php/Documentation/BasicSetup
More information about the tahoe-dev
mailing list