Feature #3406
automatic pinning of local repo HTTPS SPKI
| Status: | New | Start date: | 05/22/2014 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | - | |||
| Component: |
Description
I just had an idea about how to streamline the experience of connecting to a local repo that is using HTTPS://. If part of the advertised info (like fingerprint, bssid, etc. in the URL, QR Code, etc) was the SPKI info needed by MTM/AndroidPinning, then perhaps there is a way to add that info before connecting via HTTPS:// so that there is no certificate warning at all, or even a TOFU "Accept/Once/Never" dialog. The key to making this work is somehow associating the fdroid signing key cert with the SPKI info, so we can use the fdroid certificate as the canonical unique ID for a repo.
Basically, the "Add Repo" dialog becomes the one dialog for TOFUing both the repo's signing key and its HTTPS certificate.
History
#1 Updated by hans over 3 years ago
- Target version changed from implement swap UI to 134
#2 Updated by hans over 2 years ago
- Target version deleted (
134)