[HTTPS-Everywhere] Draft specification for file used to check for ruleset updates
Jacob S Hoffman-Andrews
jsha at eff.org
Fri Jun 13 06:57:02 PDT 2014
> As far as I understand, there is no difference. I am not a crypo
> expert, but here is my understanding of the process:
> 1) An active attacker can MITM the connection and falsify ANY data
> being sent, unless the server certificate is pinned (which it is not,
> by deafult).
> 2) The signature is verified against EFF public key hardcoded into the
> extension. The verification will fail if either the data or the
> signature is tampered with (unless the attacker can modify the
> hardcoded public key, but then the user is screwed anyway).
This is correct. Detached signatures are just as safe.
There's one little quirk in that you'd want to deploy a new update.json
with a new detached sig simultaneously, otherwise some clients would
fetch the old sig with the new update.json.
More information about the HTTPS-Everywhere
mailing list