Feature #8849
Technical specifications for ISO verification extension
Start date:
2015-01-28
Due date:
% Done:
100%
Description
Subtasks
Feature #8850: Investigate feasibility of OpenPGP signature verification in JavaScript | Rejected | 0 |
|||
Feature #8816: Investigate upload mechanisms and reactivity for browser app stores | Resolved | 0 |
|||
Feature #8855: Design data source for ISO verification extension | Resolved | sajolida | 50 |
||
Feature #8873: Decide which kind of verification would the ISO verification extension do | Resolved | 0 |
|||
Feature #9028: Check whether Tor Browser disables automatic updates | Resolved | sajolida | 0 |
||
Feature #9043: Check whether BitTorrent clients do proper hash verification | Resolved | 0 |
History
#1 Updated by sajolida 2015-02-21 19:12:15
- Affected tool set to ISO Verification Extension
#2 Updated by sajolida 2015-03-10 09:28:12
- Subject changed from Technical specifications for ISO verification extension to Security specifications for ISO verification extension
#3 Updated by sajolida 2015-03-16 11:17:10
- Subject changed from Security specifications for ISO verification extension to Technical specifications for ISO verification extension
#4 Updated by intrigeri 2015-03-23 14:57:58
Might it be that Subresource Integrity, once supported by common browsers (no idea if that’s the case yet) could replace the extension, and be a much cheaper way to get what we want?
#5 Updated by intrigeri 2015-03-23 15:16:19
- Firefox: support for SRI is being actively worked on
- Google Chrome:
- implemented for secure origins and script tags already: https://codereview.chromium.org/566083003/
- actively worked on:
- Internet Explorer
#6 Updated by sajolida 2015-03-25 22:20:44
I read through the Chrome discussion. Current implementation status is only for