One of the main parts of my work for Mozilla at the moment is about securing add-on updates. The spec is now pretty near complete and the implementation is also pretty much complete so hopefully we can start pushing out the necessary tools to add-on authors real soon then land the work shortly after.
Of course it wouldn’t be right for me to push this out without first making my own extensions comply with the new requirements. So today I am rolling out updates to all of them, mostly just changing the update url to an SSL one, though a couple of the extensions (Nightly Tester Tools and /Find Bar/) have some additional updates.
Using SSL really will be the easiest way of hosting secure updates for your extensions and I urge you to use it. Assuming you have a sensible hosting package, adding SSL is really not as expensive as many expect. Godaddy offer SSL certificates for $18 per year (minimum of 2 years) and if you are like me and hosting open source extensions then you can get the first year for free (though that seems to take a few weeks longer than if you pay). It’s also pretty simple to set up assuming you have a decent webhost, Dreamhost just has one form to fill in.
It turns out that the hardest part of getting SSL was fixing the bugs in my CMS since it’s current version had never been used in an SSL environment before