[HTTPS-Everywhere] Draft specification for file used to check for ruleset updates

Red redwire at riseup.net
Thu Jun 19 14:19:03 PDT 2014

On 2014-06-19, 2:07 PM, Yan Zhu wrote:
> Red:
>>> Also, it's better to specify SHA1 somewhere in the update.json file in
>>> case anyone is reading it independently. This could either be an
>>> additional field, or we could use the format
>>> "sha1/5R0zeLx7EWRxqw6HRlgCRxNLHDo=" (<name of hash function>/<base
>>> 64-encoded string).
>> The fact that SHA1 is used is specified in the first paragraph of
>> "Verification and Version Checking".
>> Specifically: "SHA1 is currently being used as the hashing algorithm."
> Right, SHA1 is in the spec, but it would be better to also include it in
> update.json itself. That way, if/when we switch to another hash
> function, someone who is reading update.json or using it to manually
> verify a ruleset file doesn't need to find the version of the
> specification that was current at the time of posting or look in the
> corresponding checkout of the extension code, etc.
Oh, I see.  Then we can have the extension use whichever hash algorithm
is specified in update.json.
Alright. I definitely agree that's a good idea.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 341 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140619/a1dbc15d/attachment.sig>

More information about the HTTPS-Everywhere mailing list