blob: 601eb3f5c6a34f590de9a34c09d007fd993ac8eb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
* JSON serialization of signatures uses base64, and
does not compress well. gzip -9 of just the base64 signature
is 113 bytes, double the 64 byte actual size. Find a more efficient
encoding for bytestrings in JSON.
* Leave the prevMessage out of Activity serialization to save BW.
Do include it in the data that gets signed, so it can be recovered
by trying each likely (recently seen) Activity as the prevMessage, and
checking the signature.
(If doing this, might as well switch to SHA512, since hash size does not
matter.)
* loadLog should verify the hashes (and signatures) in the log, and
refuse to use logs that are not valid proofs of a session.
* Network!
* Server!
* gpg key downloading, web of trust checking, prompting
Alternatively, let debug-me be started with a gpg key,
this way a project's website can instruct their users to
"run debug-me --trust-gpg-key=whatever"
* Multiple developers should be able to connect to a single debug-me
user. Most of the code was written with that in mind, but not tested
yet..
* Add a protocol version (probably to the SessionKey message)
|
