Archie Cobbs writes: > Downloading the sig file over HTTP is useless... any attacker going to > the trouble to launch a MITM attack for setup.exe will certainly also > do it for the sig file as well.
No, the signature would be rejected if you cared to actually check the key and signature (truly checking the key mandates a separate information channel that hopefully is not under the control of the attacker). Now, if you are postulating an attacker that can sign with the correct key, then there wouldn't be no need for a cleartext MitM attack in the first place. > OTOH, if you download the file over HTTPS.. then your client supports > SSL. Which is exactly what I'm saying should be mandatory. Well, everyone so far agreed with you that TLS is preferrable (although it isn't nearly as foolproof as you seem to believe). But you don't seem to grasp that not everyone can use it every time and that the fallback is actually better than the DoS that would result for folks that are cut off from doing (proper) HTTPS. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Terratec KOMPLEXER: http://Synth.Stromeko.net/Downloads.html#KomplexerWaves -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
