On 2014-06-13, 6:57 AM, Jacob S Hoffman-Andrews wrote: >> As far as I understand, there is no difference. I am not a crypo >> expert, but here is my understanding of the process: >> 1) An active attacker can MITM the connection and falsify ANY data >> being sent, unless the server certificate is pinned (which it is not, >> by deafult). >> 2) The signature is verified against EFF public key hardcoded into >> the extension. The verification will fail if either the data or the >> signature is tampered with (unless the attacker can modify the >> hardcoded public key, but then the user is screwed anyway). > This is correct. Detached signatures are just as safe. > > There's one little quirk in that you'd want to deploy a new > update.json with a new detached sig simultaneously, otherwise some > clients would fetch the old sig with the new update.json
Okay, I think I understand properly now. I had forgotten that
signatures are produced using a private key, so can't be so easily faked
by an attacker.
So our proposed method for determining the authenticity of the
update.json file is this:
Reduce the format down to
{
| "branch" : <ruleset branch>,
"date" : <the date the new db was released>,
"changes" : <a short description of recent changes>,
"version" : <ruleset release version>,
"hash" : <the hash of the db file>,
"source" : <the URL serving the updated ruleset db>|
}
and then take the signature over the raw bytes in this file. We write
the signature we produce to a file update.json.sig and have the
extension fetch both files, using the contents of update.json.sig to
verify the contents of update.json in the unparsed form are accurate.
Is this correct?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
