Firefox security status
Posted Jun 7, 2007 11:43 UTC (Thu) by hawk
In reply to: Firefox security status
Parent article: Firefox security status
The problem that is "solved" with a certificate handed out from a trusted authority is obviously proving who the software came from in the first place. (So I wouldn't say that the hassle of buying a certificate is for no benefit!)
I do however agree that having this security on the HTTP layer is not really the right choice. On the other hand, having the extensions signed with a certificate handed out by a trusted party seems like a good idea to me.
What you describe (as your description does not seem to involve getting such a certificate) will only be able to tell whether updates come from the same source that you got the initial version from, which still leaves a big whole.
On the other hand, how do you know who to trust in the first place anyway....
to post comments)