Both questions were an attempt to determine if any useful
protection mechanisms would be eliminated on the basis that
Mozilla has reviewed an extension and signed it. A
Mozilla-signed extension isn't by definition one that is safe
for all users and applications. Alerting the user, allowing
them to reject Mozilla-signed extensions based on whatever
criteria they wish, etc., are important features.

I forgot a question earlier, which I'd like to ask now.
Will the signature verification system, including whatever
revocation mechanism you intend to adopt, involve new or
additional pieces of information being sent to Mozilla or
other parties? Involve limitations on what background
communications can be blocked?

The last time I looked into the subject, I think I concluded
that it is possible to disable all background communications
with Mozilla servers (through numerous configuration changes
and/or firewalling of Mozilla servers). Doing so didn't
interfere with the installation of extensions from local XPI
files, or the use of those extensions. I think you could
even selectively enable the blocklist download and make use
of it without informing Mozilla of the extensions you are
using. Those options, while not appropriate for all users
to make use of, do give other users the ability to adjust
the behavior of Firefox to suit their various security
requirements. I'm wondering if the new design will create
any impediments or issues related to this.