Enabling TLS connections
Posted: Fri Mar 24, 2017 8:45 am
Hey there,
It has been an industry standard to put the hashes online once a new version is released to ensure that one has got the right item and not a software which has been edited throughout the way (by a Man In The Middle / MITM).
However, when transmitted through an insecure port 80 or 21, it is possible that the software could be processed by an MITM. Same applies to the uploaded hash values. To ensure that this won't happen, it'd be nice to use a (trusted) TLS connection. I think Let's Encrypt or StartCOM should be a free, but fair way to receive the certificates to that purpose...
Here another reason: It's said google ranks TLS encrypted sites higher lol
It has been an industry standard to put the hashes online once a new version is released to ensure that one has got the right item and not a software which has been edited throughout the way (by a Man In The Middle / MITM).
However, when transmitted through an insecure port 80 or 21, it is possible that the software could be processed by an MITM. Same applies to the uploaded hash values. To ensure that this won't happen, it'd be nice to use a (trusted) TLS connection. I think Let's Encrypt or StartCOM should be a free, but fair way to receive the certificates to that purpose...
Here another reason: It's said google ranks TLS encrypted sites higher lol