
28 Oct
2012
28 Oct
'12
3:26 p.m.
On Sun, 28 Oct 2012 14:45:02 +0100 Iustin Pop wrote:
Kindly disagree here. Ensuring that packages are downloaded safely/correctly without MITM attacks is also important. Even if as an option.
HTTPS doesn't fully protect against a MITM since there is no shared secret between client and server prior to the connection. The MITM can use a self-signed certificate, or possibly a certificate signed by a compromised CA.