RE: include SHA1/MD5 hash/digest of setup.exe, and HTTPS

2012-09-27 Thread Garrison, Jim (ETW)
> -Original Message- > From: Christopher Faylor > Subject: Re: include SHA1/MD5 hash/digest of setup.exe, and HTTPS > > There is another aphorism that trumps all of this: "Someone has to do > it". I seem to not be making it clear that it is very unlikely tha

Re: include SHA1/MD5 hash/digest of setup.exe, and HTTPS

2012-09-27 Thread Christopher Faylor
On Thu, Sep 27, 2012 at 05:29:56PM +0200, Noel Grandin wrote: >On 2012-09-27 17:22, James Johnston wrote: >>This is just as pointless as serving over plaintext HTTP and creates a >>false illusion of security. > >And in the words of Linus Torvalds: "The perfect is the enemy of the >good". (Not actu

Re: include SHA1/MD5 hash/digest of setup.exe, and HTTPS

2012-09-27 Thread Noel Grandin
On 2012-09-27 17:22, James Johnston wrote: This is just as pointless as serving over plaintext HTTP and creates a false illusion of security. And in the words of Linus Torvalds: "The perfect is the enemy of the good". (Not actually originally by him, but he probably carries more weight around

RE: include SHA1/MD5 hash/digest of setup.exe, and HTTPS

2012-09-27 Thread James Johnston
> -Original Message- > Behalf Of Bry8 Star > Sent: Thursday, September 27, 2012 05:14 > Subject: Re: include SHA1/MD5 hash/digest of setup.exe, and HTTPS > > James, you are right, a combination approach would be better. > > But before doing any major changes (on

Re: include SHA1/MD5 hash/digest of setup.exe, and HTTPS

2012-09-26 Thread Bry8 Star
, September 26, 2012 11:57 >> Subject: include SHA1/MD5 hash/digest of setup.exe, and HTTPS >> >> Hello, >> Please include SHA1/MD5 hash/digest code of "setup.exe" file, on webpage >> next to "setup.exe" download url-link. >> so we can know f

Re: include SHA1/MD5 hash/digest of setup.exe, and HTTPS

2012-09-26 Thread Christopher Faylor
On Wed, Sep 26, 2012 at 04:57:24AM -0700, Bry8 Star wrote: >Hello, >Please include SHA1/MD5 hash/digest code of "setup.exe" file, on webpage >next to "setup.exe" download url-link. >so we can know for sure, if we have a correct file or not, and someone >in middle (MITM) has not changed it. There i

RE: include SHA1/MD5 hash/digest of setup.exe, and HTTPS

2012-09-26 Thread James Johnston
> -Original Message- > Sent: Wednesday, September 26, 2012 11:57 > Subject: include SHA1/MD5 hash/digest of setup.exe, and HTTPS > > Hello, > Please include SHA1/MD5 hash/digest code of "setup.exe" file, on webpage > next to "setup.exe" download u

include SHA1/MD5 hash/digest of setup.exe, and HTTPS

2012-09-26 Thread Bry8 Star
Hello, Please include SHA1/MD5 hash/digest code of "setup.exe" file, on webpage next to "setup.exe" download url-link. so we can know for sure, if we have a correct file or not, and someone in middle (MITM) has not changed it. Windows users prefer to verify files rather with sha1/md5 etc, than usi