On Tue, Jan 14, 2014 at 9:44 PM, Uncle Zzzen <unclezz...@gmail.com> wrote: > Maybe one day JS will introduce signed code :)
Coming at that from a different angle... tl;dr [1] It's possible to sign JS, it's just a pain. See for example: <http://tjl73.altervista.org/HTML_sign_tutorial/tutorial_en.html> If the SPA[2] concept is reduced to atomic documents[3] then signing a web app and it's code becomes feasible[4] with some planning and trade-offs[5][6]. FWIW, I'll start signing Atomic OS reference implementations[7] in my next release. Cheers [1] <view-source:http://tjl73.altervista.org/HTML_sign_tutorial/example.html> [2] Single Page Application [3] "The Atomic Client Document" at <http://code.google.com/p/atomos/> [4] If there's only one signature to verify, it should be easier to convince people to do so [5] For transparency to work, minification should be avoided and probably most 3rd party libraries as well [6] Embedded binaries (ie images) need to be kept to a minimum due to size concerns [7] <http://psema4.github.io/Atomic-OS/> -- Scott Elcomb @psema4 http://psema4.com/pubkey.txt http://www.pirateparty.ca/ -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
