Conversation
Notices
-
Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca (bobjonkmanformer@sn.jonkman.ca)'s status on Wednesday, 07-Sep-2016 16:45:21 UTC 
Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca
♻ @KevinSMcArthur If you're relying on TLS alone for software integrity, you're doing something really, really wrong. ¶ via @caparsons on #Twitter !security - Claes Wallin (韋嘉誠) repeated this.
-
pettter ✅ (pettter@social.umeahackerspace.se)'s status on Wednesday, 07-Sep-2016 16:57:46 UTC 
pettter ✅
Curious what single thing provides better security for anything in terms of software (download) integrity. Claes Wallin (韋嘉誠) repeated this. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Wednesday, 07-Sep-2016 17:08:06 UTC 
Claes Wallin (韋嘉誠)
@pettter Package signatures with some know key, I suppose, independent of the CA system. But then the catch is, how do you get that key. -
pettter ✅ (pettter@social.umeahackerspace.se)'s status on Wednesday, 07-Sep-2016 17:12:18 UTC
pettter ✅
@clacke Well, you can do TLS with cert pinning to avoid having anything to do with the CA system. Claes Wallin (韋嘉誠) repeated this. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Wednesday, 07-Sep-2016 20:01:24 UTC
Claes Wallin (韋嘉誠)
@pettter True! -
Markus Kilås (netmackan@quitter.se)'s status on Thursday, 08-Sep-2016 19:21:13 UTC 
Markus Kilås
@pettter @bobjonkman @clacke signed releases can protect the binary from when it was created all the way to te user installs it #CodeSigning Claes Wallin (韋嘉誠) likes this.Claes Wallin (韋嘉誠) repeated this. -
Markus Kilås (netmackan@quitter.se)'s status on Thursday, 08-Sep-2016 19:23:33 UTC
Markus Kilås
@pettter @bobjonkman @clacke TLS only protects the channel betwen the server an the client. Server could be mirror/CDN with modified binary. Claes Wallin (韋嘉誠) likes this.Claes Wallin (韋嘉誠) repeated this.
All Chirp! content and data are available under the