Board: Marketplace
Topic: Re: Bounty - Github page to monitor online wallets.
by Aleksei Richards on 11/06/2013, 09:15:51 UTC
Since your site is hosted via GitHub Pages, what's the point?

An attacker who compromises GitHub will just modify the repo - the site will change along with it :)

gh-pages lacks SSL support though, so I guess this is a (rather strange) way to close the door on evil-hotspot MITM injection attacks?

I'd prefer just an old-fashioned Chrome extension (that is actually a strong guarantee) and SSL for mobile devices.

Other than that, the wallet looks nice, will try to use it with some pocket change for a while :)

Thanks for the reply.

This app would be there to reassure users that the code loaded from the domain is the same as that on the repository. It's possible to redirect the domain away from the repository and therefore deliver a different set of JS files to the user. This would assure them that this had not happened.

I chose an HTML page rather than a Chrome extension just because it's easier to use (i.e. not everyone has Chrome). To repackage the page as an extension would be rather trivial, I think.

Also, the CarbonWallet is a 1-page app with no server. Therefore SSL is not required, as the only communication is retrieving TX information and sending TX, which are all public knowledge anyway.
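
The check described in the post above, as an added example that is not part of the original post and is not CarbonWallet's code: it hashes each file from the repository and compares it with what the domain served. Fetching the two copies is left out; the file names, contents and function names are constructed assumptions.

```javascript
// Added example: compare files served by a domain with the repository copy.
const { createHash } = require("crypto");

// Hex SHA-256 digest of one file body.
function sha256Hex(body) {
  return createHash("sha256").update(body).digest("hex");
}

// Turn { path: content } into { path: digest }.
function buildManifest(files) {
  const manifest = {};
  for (const [path, body] of Object.entries(files)) {
    manifest[path] = sha256Hex(body);
  }
  return manifest;
}

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Report files that differ from, are absent from, or are not in the repo.
function compareToRepo(repoManifest, servedFiles) {
  const report = { modified: [], missing: [], unexpected: [] };
  for (const [path, digest] of Object.entries(repoManifest)) {
    if (!has(servedFiles, path)) report.missing.push(path);
    else if (sha256Hex(servedFiles[path]) !== digest) report.modified.push(path);
  }
  for (const path of Object.keys(servedFiles)) {
    if (!has(repoManifest, path)) report.unexpected.push(path);
  }
  report.ok =
    report.modified.length + report.missing.length + report.unexpected.length === 0;
  return report;
}

// Constructed sample data; these are not CarbonWallet's real files.
const repoFiles = {
  "index.html": '<script src="js/wallet.js"></script>',
  "js/wallet.js": "/* wallet code as committed to the repository */",
};
// What a redirected domain might serve instead (also constructed).
const redirectedFiles = {
  "index.html": repoFiles["index.html"],
  "js/wallet.js": "/* wallet code that differs from the repository */",
  "js/extra.js": "/* file that does not exist in the repository */",
};

console.log(compareToRepo(buildManifest(repoFiles), redirectedFiles));
```

The result is only as trustworthy as the channel over which the repository manifest and the comparison code themselves were obtained.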