On 11 December 2015 at 05:51, Andy Bradford <amb-open...@bradfords.org>
wrote:

> If one wants privacy on a website then more is required than just HTTPS.
>

Right. *I* just want a reasonable (256-bit) guarantee that the signify keys
on my screen are the ones the OpenBSD authors intended me to see.

I currently just assume they are correct because it'd be enormously complex
to spoof the entire OpenBSD distribution, but I shouldn't have to rely on
"security through effort involved".

Remember the guy who tried to securely download PuTTY? He couldn't
<https://noncombatant.org/2014/03/03/downloading-software-safely-is-nearly-impossible/>.
Be snobbish all you want about using Windows and expecting any level of
security, but having to give your SSH login info to an unauthenticated
binary from the internet because there is no other option is a pretty
serious problem, which could easily have been prevented by simply enabling
HTTPS.

-Thijs
