#tlsnotary-chat

waxwing, on win7 with a fresh ff37, i cant the addon from the site. Also i get FF security exception dialog when going to tlsnotary.org

dansmith_btc: is this a virtual box install? because i think i had the same

but not reproduced on my laptop

best i could figure it was to do with an old cert store?

ah, ok makes sense, yes this is vbox

it's still weird anyway, but wasn't sure how to figure out what was going on. ff binary should be up to date, eh.

even after you get rid of the tlsnotary.org sec warning, there was still a nasty hack needed to get it to allow xpi download

pagesigner plugin wasn't working on ff 34 (the extension icon didn't show up). upgrading to ff 37 worked

bertani: which OS?

i expected pre-29 to fail but not really 34

waxwing: linux/ubuntu14.04

k, thx

waxwing, also on win xp&7 the about dialog links are not opening (i get gBrowser is undefined in console)

dansmith_btc: hmm, i don't (on VB or laptop)

on vb

extensions.install.requireBuiltInCerts should be created and set to false on VB to allow xpi download

I am looking forward to use pagesigner to prove I didn't alter the API response from wolfram alpha (for the Oraclize project), however I am still reading the whitepaper :)

it's a fairly insane mozilla decision: should a user choose to accept a cert (self signed), they still will not allow xpi download; and it fails silently :)

bertani: interesting, is that API open or is it a paid service?

waxwing: a paid one

bertani: cool idea. you have a "trustless" (cough cough) way to get real world data into a crypto system

<strikethrough>Amazon :)

waxwing: as trustless as possible ;) I am adding new sources and working on an inter-oracle protocol

it is a lot closer to trustless than it looks at first glance

having a way to prove the single oracle didn't alter the response fetched from a third-party is great

waxwing, did you get my memo above about the About XUL dialog?

dansmith_btc: yes, i said "i don't" - just double checked both VB and laptop

but this is win 7 only; as for xp, doesn't seem too crucial

looks like the psgs file doesn't contain any reference to the signed page URL, does it?

dansmith_btc: i am working of may 1 commit fcece

so i could update, but i guess you know what those updates are

bertani: the pgsg contains the encrypted response + material to decrypt

waxwing, actually now that I remember, I accidentally pushed that stuff to master

we should be on your may 1 commit

bertani: file format is here: https://gist.github.com/AdamISZ/d9b96ebc37756aa...

is it ok, if I reset the pagesigner/master branch to may 1?

dansmith_btc: fine with me, i didn't actually know those updates happened :)

hmm, would be nice if github notifier emailed that kind of thing

ok, reset

bertani: it's probably not exactly what you want, but when you import the pgsg you can 'view raw' to see the url requested

i guess you want it programmatically

waxwing, no, not even view raw will expose the URL

dansmith_btc: yeah, you're right, i just tried it :)

it is only exposed in the request that we make to the server.

we "could" include the request into the pgsg file if need be.

i guess it's an obvious candidate to put into the file, yeah, but that's a surprisingly trick point isn't it.

trick+y

especially for an API

server can only authenticate what it sends, not what the client sent...

waxwing: I am looking at the code to see how you check the chosen_notary (oracle server) is running the right code

I'd like the URL not to be included, it seems already to be the case

bertani: AWS api queries

start here i guess: https://github.com/tlsnotary/pagesigner-oracles...

dansmith_btc is the creator of this method, so he will be able to answer any questions about it

"view raw" doesn't show the URL, just the raw response, right?

bertani: correct. i was wrong in assuming it would for some reason :)

although, it *can*. for example, in a Set-Cookie header

yes right, but this is not the case with my APIs

basically the server can send back anything it likes

right

however I guess the chosen_notary is receiving the URL

no, the notary only ever knows the pubkey of the server being audited

it never sees the client's request url or the encrypted or unencrypted response

oh ok, than the only thing left is to verify the chosen_notary is actually trustworthy :)

right, hence the amazon aws oracle tech. the client verifies that the notary is what it claims by doing aws queries to amazon.

yes I am looking at content/oracles.js

thanks

waxwing: minor issue, "manage files/view" shows a file with .html extension and firefox gives the extension priority over the actual content type hence it's not always appropriate

I think removing .html would be enough, works in my case (xml file)

*xml content

bertani: good point, we should do something about that. PRs welcome :)

or an issue anyway so it doesn't get forgotten

waxwing: ok, btw I am working on a patch for pagesigner to execute it outside firefox (nodejs)

bertani: great.

tlsnotary/tlsnotary is peer to peer auditor and auditee (so the auditor gets proof, but cannot transfer it). then pagesigner creates a transferrable proof by using an auditor which is an oracle. your version automates that.

have you considered just directly making an oracle on amazon to do the wolfram (or whatever it was) queries?

waxwing, do you have anything to push to master? i want to make a huge PR with chrome support

dansmith_btc: no, feel free

i take it it's working well then? great to hear.

also, i had an old ff35 - the button didnt show on install, when i upgraded to ff36 - it showed, so i'll set a min version for ff to 36

ok, thanks. i wonder what breaks there.

dansmith_btc: I had ~ same issues with 34

waxwing, mi3.setAttribute("class","menuitem-with-favicon menuitem-iconic bookmark-item"); <--- this attribute i just copied from FF's history menu , maybe it was introduced recently

waxwing: I am not sure I got your point here.. why would I want to run a custom codesigner oracle by myself? the point is not to need the user to trust me

bertani: just playing with ideas; i could imagine an aws oracle that itself directly spoke to the wolfram api, rather than letting you do it via tlsnotary.

haven't really thought through the pros and cons

oh ok, but I need to be able to prove any URL so using pagesigner directly makes sense to me

dansmith_btc: i will test tonight or tomorrow as widely as i can (on chrome i mean)

thanks

hi folks

hello

belcher: how are things

we're drinking champagne over in #joinmarket, we made a couple of mainnet coinjoins