Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] secure download tool - doesn't exist?!?

Martin Uecker uecker at eecs.berkeley.edu
Mon Jul 1 16:22:16 PDT 2013


Jacob Appelbaum <jacob at appelbaum.net> wrote:

...

> We need a secure downloading tool, we need it to be built into every OS
> by default and until then, we'll have to rely on tricks to hack it -
> preloading certs in browsers, having a website to download it from and
> so on.
>

What we need are backwards compatible self-certifying URLs or hyperlinks,
e.g. something like this:

<a href="./mysoftware.tgz" hmac="sha1:da19d18ef86f4fb8fe8b61323806ec1764f9bf00">My software</a>
<a href="./mysoftware.tgz#sha1:da19d18ef86f4fb8fe8b61323806ec1764f9bf00">My software</a>

And something similar to specify a public key.

This would need to be standardized and supported by all major browsers. 

Martin





More information about the liberationtech mailing list