Click to play, the next big problem for many smaller companies
gijskruitbosch at gmail.com
Fri Sep 6 08:13:32 UTC 2013
On Thu, Sep 5, 2013 at 9:56 PM, Richard Bateman <richard at batemansr.us>wrote:
> On Sep 5, 2013, at 13:19 , Benjamin Smedberg <benjamin at smedbergs.us>
> > Testing has shown that for hidden plugins, almost all users don't have
> enough context to make an informed choice. If a plugin is visible, they
> have a much better chance of making an informed choice based on whether the
> plugin is located in a familiar location and has a recognizable name.
> What if you made the decision based on something like whether or not the
> plugin had a valid digital signature, at least on windows and mac? Most
> companies with a valid business case can afford to sign the plugin and
> probably will anyway, particularly for firebreath plugins that are also COM
No. Signature certificates/keys can be obtained relatively cheaply or even
free these days, so this argument doesn't work.
More importantly, from a security perspective, this is the wrong idea. A
digital signature does exactly what it says on the tin: it confirms that
the file in question was created by the person who holds the keys to that
signature, id est, it verifies authorship. That in and of itself implies
nothing as regards that plugin's security of implementation, necessity for
the page the user is on, exploitability, and so on. Using it (by proxy of
an implication about financial means) as a crippled way of ensuring
security is wrong. Let's not go there.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the firefox-dev