Build compilation authentication #12

Open
opened 2022-12-27 05:43:08 +03:00 by gozzy · 0 comments

Given the new release of the community ENS resolver and indiviudals reliance to access the frontend through DNS propogation; arguably because of interopability across devices. There is a growing risk of interception and adversial hijacking, this is also equally valid for other resolvers. While the application version (which is derived from the commit hash), is an attempt to verify reproducible builds it is easily manipulated when viewing the static content.

We need a method where individuals can easily verify the source as authentic when resolving the static content, perferably a process of non-repudiation.

Given the new release of the community ENS resolver and indiviudals reliance to access the frontend through DNS propogation; arguably because of interopability across devices. There is a growing risk of interception and adversial hijacking, this is also equally valid for other resolvers. While the application version (which is derived from the commit hash), is an attempt to verify reproducible builds it is easily manipulated when viewing the static content. We need a method where individuals can easily verify the source as authentic when resolving the static content, perferably a process of non-repudiation.
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: tornadocash/classic-ui#12
No description provided.