From: Achim Gratz
To: cygwin@cygwin.com
Subject: Re: SSL not required for setup.exe download
Date: Tue, 12 Mar 2019 19:21:00 -0000

Archie Cobbs writes:

> Downloading the sig file over HTTP is useless... any attacker going to
> the trouble to launch a MITM attack for setup.exe will certainly also
> do it for the sig file as well.

No, the signature would be rejected if you cared to actually check the
key and signature (truly checking the key mandates a separate
information channel that hopefully is not under the control of the
attacker). Now, if you are postulating an attacker that can sign with
the correct key, then there would be no need for a cleartext MitM
attack in the first place.

> OTOH, if you download the file over HTTPS.. then your client supports
> SSL. Which is exactly what I'm saying should be mandatory.

Well, everyone so far agreed with you that TLS is preferable (although
it isn't nearly as foolproof as you seem to believe). But you don't
seem to grasp that not everyone can use it every time and that the
fallback is actually better than the DoS that would result for folks
that are cut off from doing (proper) HTTPS.

Regards,
Achim.
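
The check described in the message above (verify the signature and also confirm which key made it), as an added example that is not part of the original message or of Cygwin's tooling. It assumes GnuPG 2.x, a detached `.sig` file, and a full fingerprint obtained over a separate channel; the function names and sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.x and that PIN is the
# signing key's full fingerprint, obtained over a separate channel.

# Normalise a fingerprint: strip whitespace, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# signer_matches_pin STATUS PIN
# STATUS is the text gpg writes to --status-fd. Succeeds only when a VALIDSIG
# line names PIN as the primary key fingerprint (its last field). GOODSIG
# alone is not enough: it is emitted for any key present in the keyring.
signer_matches_pin() {
    pin=$(norm_fpr "$2")
    [ "${#pin}" -ge 40 ] || return 1      # refuse short key IDs as a pin
    printf '%s\n' "$1" | awk -v pin="$pin" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && toupper($NF) == pin { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# verify_download FILE SIGFILE PIN
# Fails if gpg rejects the signature or if it was made by any other key.
verify_download() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    signer_matches_pin "$status" "$3"
}

# Constructed sample data (not real keys): a pinned fingerprint, status output
# for a signature by that key, and for a valid signature by a different key.
SAMPLE_PIN='0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567'
SAMPLE_PINNED_SIG='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2019-03-12 1552418400 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_OTHER_SIG='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7654321076543210 Other Key <other@example.invalid>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2019-03-12 1552418400 0 4 0 1 8 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98'
```

A signature that is cryptographically valid but made by a key other than the pinned one is rejected, which is the case where both the file and its `.sig` were replaced in transit.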