It's unclear whether this message went through to tor-dev (can't find it in the archives), but I've added this update to https://trac.torproject.org/projects/tor/wiki/doc/gsoc.
On 06/13/2014 05:06 PM, Red wrote: > Hello, everyone! > I apologize for the fact that this is coming in late, but here is a > summary of my progress and plans thus far in developing a secure ruleset > update mechanism for the HTTPS Everywhere browser extension. > > The specification document detailing how the ruleset updater will > function has been perhaps the greatest focus for me until now. The > document is currently hosted on Github as a gist[1], and currently > details the format for the JSON document the extension will fetch to > determine whether the update information it receives is authentic and > relevant. > > A second task I have been working on is the creation of a utility[2] > used to automate much of the process of building the update.json file > contents outlined by [1]. A lot of the work done here so far has been > experimental, but it is already providing some utility for composing > data that can be used for testing purposes. > > The third thing I have been working on is the actual implementation of > the ruleset updater[3]. There are to be some changes to the spec that > will be reflected in this code in the coming week, but the > implementation so far is very close to being ready to test. > > In the last week, a lot of discussion has occurred centered around > improving the specification for the ruleset update mechanism and how the > update.json file and signing thereof should function and be written. I > have posted my weekly meeting notes to another gist[4] which I will from > today onwards be keeping up to date with my weekly notes so that they > will be publicly available and well-formatted. In summary, my upcoming > work will involve updating the update.json spec to reflect the > discussion being had on the https-everywhere mailing list and between > myself and my mentor, Yan. I will then focus on updating the extension > code as well as the utility I have been working on to reflect the > changes to the spec. I will then move on to testing the signature > verification method locally by creating example documents and a Python > script to verify the signature. I will also be setting up a testing > environment to properly test my work on the ruleset update mechanism. > > My work can be more closely followed on Github- specifically, my fork of > the official HTTPS-Everywhere repository[5]. The code I have been > working on resides in my "makeJSONManifest" and "rulesetUpdating" > branches. You can also follow the discussion on the https-everywhere > mailing list, and are welcome to join in mine and Yan's weekly meetings > in #https-everywhere on irc.oftc.net at 11:00AM Pacific Time on > Fridays. We're happy to have people chime in with ideas, and commentary > in IRC, the mailing list, and on Github is welcome! > > [1]: https://gist.github.com/redwire/2e1d8377ea58e43edb40 > [2]: > https://github.com/redwire/https-everywhere/blob/makeJSONManifest/utils/ruleset_update_manifest.py > [3]: > https://github.com/redwire/https-everywhere/blob/rulesetUpdating/src/chrome/content/code/rulesetUpdate.js > [4]: https://gist.github.com/redwire/b62f03905a826e79947a > [5]: https://github.com/redwire/https-everywhere > > > > _______________________________________________ > HTTPS-Everywhere mailing list > [email protected] > https://lists.eff.org/mailman/listinfo/https-everywhere > -- Yan Zhu <[email protected]>, <[email protected]> Staff Technologist Electronic Frontier Foundation https://www.eff.org 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x134
signature.asc
Description: OpenPGP digital signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
