Conversation
Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca (bobjonkmanformer@sn.jonkman.ca)'s status on Wednesday, 07-Sep-2016 16:45:21 UTC: ♻ @KevinSMcArthur If you're relying on TLS alone for software integrity, you're doing something really, really wrong. ¶ via @caparsons on #Twitter !security
pettter ✅ (pettter@social.umeahackerspace.se)'s status on Wednesday, 07-Sep-2016 16:57:46 UTC: Curious what single thing provides better security for anything in terms of software (download) integrity.
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Wednesday, 07-Sep-2016 17:08:06 UTC: @pettter Package signatures with some known key, I suppose, independent of the CA system. But then the catch is, how do you get that key.
pettter ✅ (pettter@social.umeahackerspace.se)'s status on Wednesday, 07-Sep-2016 17:12:18 UTC: @clacke Well, you can do TLS with cert pinning to avoid having anything to do with the CA system.
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Wednesday, 07-Sep-2016 20:01:24 UTC: @pettter True!
Markus Kilås (netmackan@quitter.se)'s status on Thursday, 08-Sep-2016 19:21:13 UTC: @pettter @bobjonkman @clacke signed releases can protect the binary from when it was created all the way to when the user installs it #CodeSigning
Markus Kilås (netmackan@quitter.se)'s status on Thursday, 08-Sep-2016 19:23:33 UTC: @pettter @bobjonkman @clacke TLS only protects the channel between the server and the client. Server could be mirror/CDN with modified binary.