Well, I fixed the Addon-Problem with the
...and I had a look inside what it does... (adding an intermediate cert to certdb and reverify all addons)
So, does this mean every Addon can add any cert if it thinks this is funny? Isn't this another big security hole?
@robelix I imagine that’s one of the things the AMO extension verification process checking does
Still, it feels weird...
Before, I thought it's a 3-party model:
1. distro provides Firefox in a distro-signed package, which contains the AMO CA cert
2. AMO publishes addons
3. user gets Ffox from distro and addons from AMO, verifying signatures attached to the addons
But now there's a 4th party:
4. Mozilla delivers a special kind of addon that bypasses checks in (3), is signed with a different key, and provides the cert for verifying (3).
If the intermediate cert is really intermediate, i.e. not a root of trust, then it should be bundled with every addon on AMO (like you bundle LetsEncrypt intermediate cert with your website's cert if you run your own webserver), and verified by some long-lasting root cert hardcoded in Firefox.
And if it's not an intermediate cert, but a root of trust, then updating it should be done either by distro, or by the user.
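
The distinction drawn in the last two posts, as an added example that is not part of the thread and is not Firefox's own verification code: a generic X.509 check with `openssl verify`, where the verifier pins only a root and the intermediate travels with the signed item. All certificate names, file names and both function names are constructed for the illustration.

```shell
#!/bin/sh
# Constructed demo PKI: root -> intermediate -> leaf (stand-in for a signing cert).
# All names and files are made up for this example.

make_demo_pki() {  # $1 = empty working directory
    ( cd "$1" || exit 1
      echo 'basicConstraints=critical,CA:TRUE' > ca.ext
      for n in root int leaf; do
          openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
              -out "$n.csr" -subj "/CN=Constructed demo $n" 2>/dev/null || exit 1
      done
      # Self-signed root: the only certificate the verifier ships with.
      openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
          -days 3650 -out root.pem 2>/dev/null || exit 1
      # Intermediate, signed by the root.
      openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
          -extfile ca.ext -days 365 -out int.pem 2>/dev/null || exit 1
      # Leaf, signed by the intermediate.
      openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
          -days 30 -out leaf.pem 2>/dev/null || exit 1
    )
}

# verify_chain ROOT LEAF [BUNDLED_INTERMEDIATE]
# Only ROOT is trusted; the bundled intermediate is passed as -untrusted,
# so it can complete a chain but can never act as a trust anchor itself.
verify_chain() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
    else
        openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
    fi
}

a=$(mktemp -d); b=$(mktemp -d)
make_demo_pki "$a" && make_demo_pki "$b"
verify_chain "$a/root.pem" "$a/leaf.pem" "$a/int.pem" && echo "bundled intermediate, pinned root: OK"
verify_chain "$a/root.pem" "$a/leaf.pem" || echo "intermediate missing: rejected"
verify_chain "$b/root.pem" "$a/leaf.pem" "$a/int.pem" || echo "intermediate under a different root: rejected"
rm -rf "$a" "$b"
```

In this model a shipped intermediate adds no trust of its own: the third case fails because the pinned root did not sign it.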