<stellar-slack>
<lab> str network doesn't need snapshot
<stellar-slack>
<sacarlson> I have a thought on a possible site authentication method that would require a site that is active on the service to sign the contents of their static and maybe even dynamically changing js and html files used at the time with their stellar address and signing tools. The signing info would be in a standard location on the site so that the user or a third party trusted checker site could check the conten
<stellar-slack>
by a site hijacker or man in the middle attack. This in some way could also be used as an inexpensive and easy way to not require or supplement https services for site authentication.
<stellar-slack>
<brian.ebert> sacarlson: creating a message authentication code for your source?
<stellar-slack>
<sacarlson> message authentication? no this just does a check of the static files on the website
<stellar-slack>
<sacarlson> like index.html
<stellar-slack>
<sacarlson> just a signature of the hash of the contents of that file by what that site uses as their stellar address
pixelb has quit [Ping timeout: 256 seconds]
de_henne_ has joined #stellar-dev
de_henne has quit [Ping timeout: 260 seconds]
tectonic has joined #stellar-dev
TheSeven has quit [Ping timeout: 246 seconds]
TheSeven has joined #stellar-dev
tectonic has quit []
de_henne_ has quit [Remote host closed the connection]
de_henne has joined #stellar-dev
stellar-slack1 has joined #stellar-dev
stellar-slack has quit [Ping timeout: 264 seconds]
tectonic has joined #stellar-dev
zz_akuukis is now known as akuukis
tectonic has quit []
nivah has joined #stellar-dev
pixelb has joined #stellar-dev
pixelb has quit [Ping timeout: 265 seconds]
pixelb has joined #stellar-dev
<stellar-slack1>
<dzham> a MAC or a HMAC would just be a checksum that can prove it was generated by the entity that it says it was generated by.
cookiedavis has quit [Ping timeout: 250 seconds]
<stellar-slack1>
<sacarlson> in my example I do an SHA256 hash on each file that is then signed by the site to show file integrity
<stellar-slack1>
<sacarlson> I'm looking for other examples of this that are similar
<stellar-slack1>
<sacarlson> it looks like on the browser side that we can also perform this in ajax with XMLHttpRequest objects then do sha256 hash on it and again sign it as I do in ruby in my example. here is this group's input on it http://qnimate.com/how-to-make-browsers-verify-fetched-resources-content/
<stellar-slack1>
<sacarlson> just another one of my many stupid ideas
<stellar-slack1>
<dzham> It’s not *that* stupid. Would be great for catching MITM attempts, if nothing else
<stellar-slack1>
<sacarlson> ya but is it worth the effort. people already trust banks with just https so why not stellar?
<stellar-slack1>
<sacarlson> other than this working without https I guess for cheap people like me
<stellar-slack1>
<dzham> How do you as a user get the correct public key for each site though?
<stellar-slack1>
<sacarlson> there is a standard publish file for stellar gateways. additionally you could store that published address when it was found in your browser's storage and verify it doesn't change
<stellar-slack1>
<sacarlson> I don't recall the standard name of the file off the top of my head but I did read about it and have used it to find the active addresses of stellar gateways
<stellar-slack1>
<dzham> yeah, but then you have to trust the stellar.txt file, what if the perp changed the public key in the .txt file?
<stellar-slack1>
<sacarlson> that as I said you store the first time you go to the site or you find the info on a third party site that would collect the addresses of known gateways
<stellar-slack1>
<dzham> that would catch changed keys.. but how to make sure the first one you get is the right one?
<stellar-slack1>
<dzham> (this is one of the big issues with any public key scheme)
<stellar-slack1>
<sacarlson> ya you have to assume the site isn't already compromised the first time you visit it but who's to say it wasn't already
<stellar-slack1>
<dzham> I don’t remember what you can put into an SSL-cert, maybe there’s some field you could put a pubkey in
<stellar-slack1>
<dzham> Assuming you have SSL activated anyways
<stellar-slack1>
<sacarlson> there is the OU Organizational Unit value in the SSL cert that I see some sites don't even use, I'm not sure how many letters it will accept
<stellar-slack1>
<sacarlson> in any case that would probably be the better key to use for most other sites that aren't related to stellar
<stellar-slack1>
<sacarlson> what is this number 27742317777372353535851937790883648493 some fixed seed number they use?
<stellar-slack1>
<sacarlson> python is cool much easier to read
<stellar-slack1>
<sacarlson> I can almost read this but not ha ha
<stellar-slack1>
<donovan> The number is just a large prime… Don’t ask me too many hard crypto-questions… I’m just an amateur crypto enthusiast :) http://ed25519.cr.yp.to/ed25519-20110926.pdf
<stellar-slack1>
<sacarlson> IC well I'm at even a lower paygrade than that as far as crypto programming is concerned, I just assume that smarter people than myself have that all figured out
de_henne has quit [Remote host closed the connection]