Re: Revival of the signed debs discussion
On Wed, 3 Dec 2003 13:26:02 +0100, Matthias Urlichs said:
> I'm also a bit concerned about MitM attacks; the hash-or-whatever which
Obviously you can do this only using a secure channel.
> the local side is supposed to sign should probably be encrypted with the
> signer's public key, otherwise I can just replace the data packet with
> something that ends up signing a totally different file. :-/
And if I do that, I could also sign the file right at the remote
machine because the (or some) signature key must be available over
there ;-)
Werner
Reply to: