Brian Warner writes:
>From what I can tell, the Sparkle update framework (for OS-X)[1] is doing
>something like what I want for firefox: the Sparkle-enabled application will
>only accept update bundles which are signed by a DSA privkey that matches a
>pubkey embedded in the app.
You can extend t
Zooko Wilcox-O'Hearn wrote:
> began with him mentioning a specific use case that he cares about and
> sees how to improve: authentication of Mozilla plugins.
To be specific, the itch that I was looking to scratch was the
authentication of Firefox updates. In some slides from the last
BlackHat, I w
On Wednesday,2009-09-16, at 14:44 , Ivan Krstić wrote:
Yes, and I'd be happy to opine on that as soon as someone told me
what those important problems are.
The message that you quoted from Brian Warner, which ended with him
wondering aloud what new applications could be enabled by such
fe
James A. Donald wrote:
> Nicolas Williams wrote:
> > > One possible problem: streaming [real-time] content.
>
> Brian Warner wrote:
> > Yeah, that's a very different problem space. You need
> > the low-alacrity stuff from Tahoe, but also you don't
> > generally know the full contents in advanc
Nicolas Williams wrote:
> > One possible problem: streaming [real-time] content.
Brian Warner wrote:
> Yeah, that's a very different problem space. You need
> the low-alacrity stuff from Tahoe, but also you don't
> generally know the full contents in advance. So you're
> talking about a mutable s
Michael Walsh wrote:
> - Adding a HTTP header with this data but requires something like a
> server module or output script. It also doesn't ugly up the URL (but
> then again, we have url shortner services for manual typing).
Ah, but see, that loses the security. If the URL doesn't contain the
r
Hi Brian, all;
I'm all for including merkle trees with HTTP GETs, two items that
spring to mind:
- Appending the location of the hash as you suggest in
#hashtree=ROOTXYZ;http://otherplace which requires no changes to the
webserver.
- Adding a HTTP header with this data but requires something lik