[HTTPS-Everywhere] Draft specification for file used to check for ruleset updates
Jacob Hoffman-Andrews
jsha at newview.org
Tue Jun 10 12:50:24 PDT 2014
>
> Taking the signature into account, the schema that makes the most sense
> to me is:
>
> { "update": { "stable": {...}, "development": {...} }
> "signature": ... }
>
> where "signature" is over the stringified value of "update".
>
I wound up needing to address this same problem for the STARTTLS config
distribution spec (
https://github.com/jsha/starttls-everywhere/blob/master/README.md).
Unfortunately there is no spec for canonicalizing JSON. We could implement
one ourselves but it's likely to get really challenging really fast. More
generally, any attempt to specify a signature internal to the format that
is being signed is a little weird.
What I wound up doing instead was just specifying signatures external to
the file format, e.g. wrap the whole JSON in `gpg --clearsign' or something
similar. I'd suggest the same thing here.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140610/fb020832/attachment.html>
More information about the HTTPS-Everywhere
mailing list