Date: Mon, 3 Mar 2014 16:40:50 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: Cryptografically signed ISO images Message-ID: <20140303164050.0482c1e6@gumby.homeunix.com> In-Reply-To: <39523.128.135.70.2.1393863706.squirrel@cosmo.uchicago.edu> References: <20140302172759.GA4728@hp-netbook.local> <20140303152943.GA5696@hp-netbook.local> <46383.128.135.70.2.1393861805.squirrel@cosmo.uchicago.edu> <20140303160218.072db3fe@gumby.homeunix.com> <39523.128.135.70.2.1393863706.squirrel@cosmo.uchicago.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Mar 2014 10:21:46 -0600 (CST) Valeri Galtsev wrote: > > On Mon, March 3, 2014 10:02 am, RW wrote: > > That's fine if you can download the checksum files by HTTPS, but on > > an FTP server it's no more that a check against corruption. > > Yes, but: if you verified the certificate of https host, you can be > sure that ftp on the same IP address is owned by the same people. The IP addresses of www.freebsd.org and ftp.freebsd.org are different, but even if they weren't that wouldn't protect against man-in-the-middle attacks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140303164050.0482c1e6>