[HTTPS-Everywhere] GSoC report - Zack Mullaly - HTTPS Everywhere secure ruleset update mechanism

Yan Zhu yan at eff.org
Sun Jun 15 14:05:08 PDT 2014


It's unclear whether this message went through to tor-dev (can't find it
in the archives), but I've added this update to
https://trac.torproject.org/projects/tor/wiki/doc/gsoc.

On 06/13/2014 05:06 PM, Red wrote:
> Hello, everyone!
> I apologize for the fact that this is coming in late, but here is a
> summary of my progress and plans thus far in developing a secure ruleset
> update mechanism for the HTTPS Everywhere browser extension.
> 
> The specification document detailing how the ruleset updater will
> function has been perhaps the greatest focus for me until now. The
> document is currently hosted on Github as a gist[1], and currently
> details the format for the JSON document the extension will fetch to
> determine whether the update information it receives is authentic and
> relevant.
> 
> A second task I have been working on is the creation of a utility[2]
> used to automate much of the process of building the update.json file
> contents outlined by [1]. A lot of the work done here so far has been
> experimental, but it is already providing some utility for composing
> data that can be used for testing purposes.
> 
> The third thing I have been working on is the actual implementation of
> the ruleset updater[3].  There are to be some changes to the spec that
> will be reflected in this code in the coming week, but the
> implementation so far is very close to being ready to test.
> 
> In the last week, a lot of discussion has occurred centered around
> improving the specification for the ruleset update mechanism and how the
> update.json file and signing thereof should function and be written.  I
> have posted my weekly meeting notes to another gist[4] which I will from
> today onwards be keeping up to date with my weekly notes so that they
> will be publicly available and well-formatted.  In summary, my upcoming
> work will involve updating the update.json spec to reflect the
> discussion being had on the https-everywhere mailing list and between
> myself and my mentor, Yan.  I will then focus on updating the extension
> code as well as the utility I have been working on to reflect the
> changes to the spec.  I will then move on to testing the signature
> verification method locally by creating example documents and a Python
> script to verify the signature.  I will also be setting up a testing
> environment to properly test my work on the ruleset update mechanism.
> 
> My work can be more closely followed on Github- specifically, my fork of
> the official HTTPS-Everywhere repository[5].  The code I have been
> working on resides in my "makeJSONManifest" and "rulesetUpdating"
> branches.  You can also follow the discussion on the https-everywhere
> mailing list, and are welcome to join in mine and Yan's weekly meetings
> in #https-everywhere on irc.oftc.net at 11:00AM Pacific Time on
> Fridays.  We're happy to have people chime in with ideas, and commentary
> in IRC, the mailing list, and on Github is welcome!
> 
> [1]: https://gist.github.com/redwire/2e1d8377ea58e43edb40
> [2]:
> https://github.com/redwire/https-everywhere/blob/makeJSONManifest/utils/ruleset_update_manifest.py
> [3]:
> https://github.com/redwire/https-everywhere/blob/rulesetUpdating/src/chrome/content/code/rulesetUpdate.js
> [4]: https://gist.github.com/redwire/b62f03905a826e79947a
> [5]: https://github.com/redwire/https-everywhere
> 
> 
> 
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
> 


-- 
Yan Zhu  <yan at eff.org>, <yan at torproject.org>
Staff Technologist
Electronic Frontier Foundation                  https://www.eff.org
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x134

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140615/2f1b886c/attachment.sig>


More information about the HTTPS-Everywhere mailing list