[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Torbutton: 'Disable Updates During Tor' - Option

I concluded that the addon process is insecure because the versioncheck
happens over HTTPS but the actual download of the new xpi file is over http.
This simple conclusion is wrong if one doesn't check the entire update
To download something over an insecure channel is fine as long as you
can check the file for modifications after the download.

Authentication is done now.

Thanks for confirming this.

Is this something new to Firefox 4.0?
Is the authentication also done in Firefox 3.6?

tor-talk mailing list