From owner-freebsd-questions@FreeBSD.ORG Mon Mar 3 17:06:01 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8F85DF11 for ; Mon, 3 Mar 2014 17:06:01 +0000 (UTC) Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.52.97]) by mx1.freebsd.org (Postfix) with ESMTP id 6428DF28 for ; Mon, 3 Mar 2014 17:06:01 +0000 (UTC) Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 9D4EACB8C98; Mon, 3 Mar 2014 11:06:00 -0600 (CST) Received: from 128.135.70.2 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Mon, 3 Mar 2014 11:06:00 -0600 (CST) Message-ID: <18642.128.135.70.2.1393866360.squirrel@cosmo.uchicago.edu> In-Reply-To: <20140303164050.0482c1e6@gumby.homeunix.com> References: <20140302172759.GA4728@hp-netbook.local> <20140303152943.GA5696@hp-netbook.local> <46383.128.135.70.2.1393861805.squirrel@cosmo.uchicago.edu> <20140303160218.072db3fe@gumby.homeunix.com> <39523.128.135.70.2.1393863706.squirrel@cosmo.uchicago.edu> <20140303164050.0482c1e6@gumby.homeunix.com> Date: Mon, 3 Mar 2014 11:06:00 -0600 (CST) Subject: Re: Cryptografically signed ISO images From: "Valeri Galtsev" To: "RW" User-Agent: SquirrelMail/1.4.8-5.el5.centos.7 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: galtsev@kicp.uchicago.edu List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 17:06:01 -0000 On Mon, March 3, 2014 10:40 am, RW wrote: > On Mon, 3 Mar 2014 10:21:46 -0600 (CST) > Valeri Galtsev wrote: > >> >> On Mon, March 3, 2014 10:02 am, RW wrote: > >> > That's fine if you can download the checksum files by HTTPS, but on >> > an FTP server it's no more that a check against corruption. >> >> Yes, but: if you verified the certificate of https host, you can be >> sure that ftp on the same IP address is owned by the same people. > > The IP addresses of www.freebsd.org and ftp.freebsd.org are > different, but even if they weren't that wouldn't protect against > man-in-the-middle attacks. Silly me... you are absolutely right! > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++