[HTTPS-Everywhere] GSoC report - Zack Mullaly - HTTPS Everywhere secure ruleset update mechanism
yan at eff.org
Sun Jun 15 14:05:08 PDT 2014
It's unclear whether this message went through to tor-dev (can't find it
in the archives), but I've added this update to
On 06/13/2014 05:06 PM, Red wrote:
> Hello, everyone!
> I apologize for the fact that this is coming in late, but here is a
> summary of my progress and plans thus far in developing a secure ruleset
> update mechanism for the HTTPS Everywhere browser extension.
> The specification document detailing how the ruleset updater will
> function has been perhaps the greatest focus for me until now. The
> document is currently hosted on Github as a gist, and currently
> details the format for the JSON document the extension will fetch to
> determine whether the update information it receives is authentic and
> A second task I have been working on is the creation of a utility
> used to automate much of the process of building the update.json file
> contents outlined by . A lot of the work done here so far has been
> experimental, but it is already providing some utility for composing
> data that can be used for testing purposes.
> The third thing I have been working on is the actual implementation of
> the ruleset updater. There are to be some changes to the spec that
> will be reflected in this code in the coming week, but the
> implementation so far is very close to being ready to test.
> In the last week, a lot of discussion has occurred centered around
> improving the specification for the ruleset update mechanism and how the
> update.json file and signing thereof should function and be written. I
> have posted my weekly meeting notes to another gist which I will from
> today onwards be keeping up to date with my weekly notes so that they
> will be publicly available and well-formatted. In summary, my upcoming
> work will involve updating the update.json spec to reflect the
> discussion being had on the https-everywhere mailing list and between
> myself and my mentor, Yan. I will then focus on updating the extension
> code as well as the utility I have been working on to reflect the
> changes to the spec. I will then move on to testing the signature
> verification method locally by creating example documents and a Python
> script to verify the signature. I will also be setting up a testing
> environment to properly test my work on the ruleset update mechanism.
> My work can be more closely followed on Github- specifically, my fork of
> the official HTTPS-Everywhere repository. The code I have been
> working on resides in my "makeJSONManifest" and "rulesetUpdating"
> branches. You can also follow the discussion on the https-everywhere
> mailing list, and are welcome to join in mine and Yan's weekly meetings
> in #https-everywhere on irc.oftc.net at 11:00AM Pacific Time on
> Fridays. We're happy to have people chime in with ideas, and commentary
> in IRC, the mailing list, and on Github is welcome!
> : https://gist.github.com/redwire/2e1d8377ea58e43edb40
> : https://gist.github.com/redwire/b62f03905a826e79947a
> : https://github.com/redwire/https-everywhere
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
Yan Zhu <yan at eff.org>, <yan at torproject.org>
Electronic Frontier Foundation https://www.eff.org
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x134
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: OpenPGP digital signature
More information about the HTTPS-Everywhere