<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 2014-06-12, 7:18 AM, Jacob Hoffman-Andrews wrote:<br>
<blockquote cite="mid:5399B6BA.4040708@eff.org" type="cite">
> Instead of hashing a stringified version of the `update`
object directly, we could sort an array of the keys in the update
object and then create an array of key, value pairs in the
sorted-key order.<br>
<br>
Presumably, we would also want to recursively sort any sub-objects
in the update object? What encoding do we use to serialize the
update object for signing?<br>
</blockquote>
We actually sign the hash of `updateObj.update` (that is, the flat
update object inside the outer object). You can see what I've done
to handle this automatically in the utility I built to handle most
of the process of creating the update.json file contents:
<a class="moz-txt-link-freetext" href="https://github.com/redwire/https-everywhere/commit/eaff57798a5682ec6171ef5c86a65df8b06c174b">https://github.com/redwire/https-everywhere/commit/eaff57798a5682ec6171ef5c86a65df8b06c174b</a><br>
<br>
As I mentioned in my previous email, because we have decided not to
use a nested structure for the update object and are instead going
to serve different update.json files from different URLs, there
isn't currently a need to recursively convert objects inside
`update` to a list of key, value pairs. If that changes at some
point, it wouldn't be hard to implement, though.<br>
<br>
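Added example, not part of the original email and not the code from the linked commit: one way to hash a flat update object so the result does not depend on key order, following the sorted key, value pair approach discussed in this thread. SHA-256, UTF-8, JSON serialization of the pair list and the sample field names are assumptions.<br>

```javascript
// Added example: order-independent digest of a flat update object.
// Assumptions (not stated in the thread): SHA-256, UTF-8 encoding, and
// JSON.stringify of the sorted [key, value] list as the serialization.
const nodeCrypto = require("node:crypto");

// Convert a flat object into [[key, value], ...] in sorted-key order.
// JSON.stringify(obj) alone follows property insertion order, so two
// logically equal objects can serialize (and hash) differently.
function canonicalPairs(update) {
  return Object.keys(update).sort().map((key) => {
    const value = update[key];
    const kind = typeof value;
    const scalar = value === null || kind === "string" || kind === "boolean" ||
      (kind === "number" && Number.isFinite(value));
    // Nested objects and arrays are rejected in this example: sorting only
    // the top level would leave inner key order uncanonicalized.
    if (!scalar) {
      throw new TypeError(`non-scalar value at "${key}": update must be flat`);
    }
    return [key, value];
  });
}

// Hex digest of the canonical serialization; this is the value that
// would be signed and later recomputed by the verifier.
function updateDigest(update) {
  const serialized = JSON.stringify(canonicalPairs(update));
  return nodeCrypto.createHash("sha256").update(serialized, "utf8").digest("hex");
}

// Constructed sample data; the field names are hypothetical.
const sampleA = { version: "1.0", hash: "abc", date: "2014-06-12" };
const sampleB = { date: "2014-06-12", hash: "abc", version: "1.0" };

console.log(JSON.stringify(sampleA) === JSON.stringify(sampleB)); // naive form differs
console.log(updateDigest(sampleA) === updateDigest(sampleB));     // canonical form agrees
```

The signer and the verifier must both run the same canonicalization before hashing, otherwise a valid signature will fail to verify.<br>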
</body>
</html>