[HTTPS-Everywhere] Draft specification for file used to check for ruleset updates

Jacob S Hoffman-Andrews jsha at eff.org
Fri Jun 13 06:57:02 PDT 2014


> As far as I understand, there is no difference. I am not a crypo 
> expert, but here is my understanding of the process:
> 1) An active attacker can MITM the connection and falsify ANY data 
> being sent, unless the server certificate is pinned (which it is not, 
> by deafult).
> 2) The signature is verified against EFF public key hardcoded into the 
> extension. The verification will fail if either the data or the 
> signature is tampered with (unless the attacker can modify the 
> hardcoded public key, but then the user is screwed anyway).
This is correct. Detached signatures are just as safe.

There's one little quirk in that you'd want to deploy a new update.json 
with a new detached sig simultaneously, otherwise some clients would 
fetch the old sig with the new update.json.


More information about the HTTPS-Everywhere mailing list