also sprach Todd Troxell <ttroxell@debian.org> [2004.07.02.0137 +0200]: > Given enough time and and energy, any security measure will be > subverted, and yes, probably by someone that knows what they're > doing. While I agree with your statement, I find it rather unimaginable for someone to MITM-attack an SSL channel, given that the client side knows about SSL and expects the high security -- e.g. verifies the certificate and otherwise protects the client computer. Perfect security isn't possible, but you can get damn close. It all depends on the threat model though. So: any other voices against an SSL page for key/fingerprint download of the archive signing key? -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature