Brian Warner war...@lothar.com writes:
From what I can tell, the Sparkle update framework (for OS-X)[1] is doing
something like what I want for firefox: the Sparkle-enabled application will
only accept update bundles which are signed by a DSA privkey that matches a
pubkey embedded in the app.
On Wednesday,2009-09-16, at 14:44 , Ivan Krstić wrote:
Yes, and I'd be happy to opine on that as soon as someone told me
what those important problems are.
The message that you quoted from Brian Warner, which ended with him
wondering aloud what new applications could be enabled by such
Nicolas Williams wrote:
One possible problem: streaming [real-time] content.
Brian Warner wrote:
Yeah, that's a very different problem space. You need
the low-alacrity stuff from Tahoe, but also you don't
generally know the full contents in advance. So you're
talking about a mutable stream
James A. Donald wrote:
Nicolas Williams wrote:
One possible problem: streaming [real-time] content.
Brian Warner wrote:
Yeah, that's a very different problem space. You need
the low-alacrity stuff from Tahoe, but also you don't
generally know the full contents in advance. So
Hi Brian, all;
I'm all for including merkle trees with HTTP GETs, two items that
spring to mind:
- Appending the location of the hash as you suggest in
#hashtree=ROOTXYZ;http://otherplace which requires no changes to the
webserver.
- Adding a HTTP header with this data but requires something
Michael Walsh wrote:
- Adding a HTTP header with this data but requires something like a
server module or output script. It also doesn't ugly up the URL (but
then again, we have url shortner services for manual typing).
Ah, but see, that loses the security. If the URL doesn't contain the
