Nelson B wrote:
> One needs a trusted source AND a trusted channel to that source.

Yes, although there's also a "herd immunity" feature, as I discuss below.

At the moment, spotting things like the WordPress download tarball trojan took quite a while, because someone had to bother to check the code against the published MD5sum manually - and who does that? Maybe just you :-) If Link Fingerprints were being used, 15% or more of all downloads would be checked automatically. The problem would have been spotted much, much sooner.

So even people without LF-supporting clients, and people against whom an MITM is being attempted, get an indirect benefit.

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto