2012/2/29 Tomas Bodzar <tomas.bod...@gmail.com>:
> On Wed, Feb 29, 2012 at 3:44 AM, Nathan Stiles <stiles.nat...@gmail.com>
>> I was also expecting the checksum to be served over HTTPS.
>
> Some exact reason for that? Especially regarding a lot of issues and
> flaws discovered during last months/years in various implementations
> of SSL/certificates/CAs?
[...]
>> What are others doing?

Others, like "the rest of the internet", are using those certificate
authorities (all 600+ of them?) as if they work, and make users
believe that "since my browser says Chunghwa Telecom or NetLock
Halozatbiztonsagi Kft. is to be trusted, mylocalbank.com showing one of
their certs must be fine and dandy".

Doing what "others do" isn't always adding to real security.

As everyone says, buying the CD is a solution for the really paranoid.
Going to a BSD conference where obsd devs and affiliates sell such CDs
even mitigates the evil post office CD-swapper issue.

If you aren't ready to shell out the bucks for one CD set, then it
can't really be important.

--
To our sweethearts and wives. May they never meet. -- 19th century toast