Dear Professor Ruiz,

The real issue is to create an *easy* way to do hash validation correctly. Reading a hash on YouTube is not going to make it.

You use HTTPS without DNSSEC and DANE. Please use those first. It solves a lot of your server validation issues. At least it allows your users' browsers to validate code44.com.

I repeat: Hashes are for computers, not for people.

Plugging my own warez: I believe I've come up with a way to do DNSSEC and DANE in combination with a certificate repository. It allows the browser to validate the authenticity of a server certificate. When validated, it can be sure that the JavaScript found at a page is indeed what the page author wanted.

Please see: http://eccentric-authentication.org/blog/2013/03/23/Cryptographic-same-origin-policy.html

And please ask if anything is unclear. I love to receive comments on where I'm right or wrong.

Regards, Guido.

--
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
