On 04/02/15 17:38, Erik de Bruin wrote:
Only if you think a man-in-the-middle attack that hijacks both the
download and the MD5 request is more likely than the bad guys having
backdoor access to the servers actually hosting those files. And given
the fact that those servers reside in the US and that Snowden's main
revelation wasn't about a foreign power having access to nearly every
bit in the US, I say we don't worry too much about it;-)
If people's Windows settings are incompatible with modern web sites
(against Microsoft advice) then they will encounter more and more
problems with time.
We just happen to be seeing some fall out.
I still think we should just document it, and suggest checking the
settings when we get failures on Windows, and as a plan B look at the
AS3-native HTTPS implementation that doesn't use the underlying O/S.
I wont veto any change to HTTP though; life is too short and I'm out
numbered,
Tom
