[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

On Wed, 3 Dec 2003 13:26:02 +0100, Matthias Urlichs said:

> I'm also a bit concerned about MitM attacks; the hash-or-whatever which

Obviously you can do this only using a secure channel.

> the local side is supposed to sign should probably be encrypted with the
> signer's public key, otherwise I can just replace the data packet with
> something that ends up signing a totally different file. :-/

And if I do that, I could also sign the file right at the remote
machine because the (or some) signature key must be available over
there ;-)


Reply to: