crlite icon indicating copy to clipboard operation
crlite copied to clipboard

Published 20 hours ago verified publisher icon mozilla

Define the Security Considerations of the publisher's actions

Open jcjones opened this issue 5 years ago • 0 comments
trafficstars

The publisher tool operates in four stages, and not in a transaction, which raises concerns as to what happens when it does not update in a consistent way.

The possibilities are:

  1. The Intermediates and Filter update together
  2. The Intermediates do not update, but the Filter does.
  3. The Intermediates update and the Filter does not.
  4. None update.

In practice, we can choose between the second and third bullet by choosing which sign-off occurs first, as if it fails, then the second also will not happen. Right now, the Filter tries to update first, so the third option can be practically discounted, pending code changes.

The initial draft text I have here concerns the second option, what happens if the client does not observe intermediate metadata changes, but does obtain an updated filter that assumes knowledge of those metadata changes.

This is a WIP PR for now, as a place to discuss the issue.

jcjones avatar Sep 14 '20 23:09 jcjones