[HTTPS-Everywhere] Draft specification for file used to check for ruleset updates

Yan Zhu yan at eff.org
Thu Jun 19 14:07:44 PDT 2014

>> Also, it's better to specify SHA1 somewhere in the update.json file in
>> case anyone is reading it independently. This could either be an
>> additional field, or we could use the format
>> "sha1/5R0zeLx7EWRxqw6HRlgCRxNLHDo=" (<name of hash function>/<base
>> 64-encoded string).
> The fact that SHA1 is used is specified in the first paragraph of
> "Verification and Version Checking".
> Specifically: "SHA1 is currently being used as the hashing algorithm."

Right, SHA1 is in the spec, but it would be better to also include it in
update.json itself. That way, if/when we switch to another hash
function, someone who is reading update.json or using it to manually
verify a ruleset file doesn't need to find the version of the
specification that was current at the time of posting or look in the
corresponding checkout of the extension code, etc.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140619/4e658e5e/attachment.sig>

More information about the HTTPS-Everywhere mailing list