Welcome! Log In Create A New Profile

Advanced

why not SSL for public key pages?

Posted by momo 
why not SSL for public key pages?
September 30, 2015 12:52AM
I was trying to download Debian linux package for nginx

It needs a signing key.

The signing key is verified through public key.

PROBLEM: is public key is ONLY on http page. Https does not work on that page. http://nginx.org/keys/nginx_signing.key

So how do we even know the public key is good? This is strategic download. There could be all kinds of security issues like MITM attack.

I am not key expert, but I know public key must be trustworthy. How come it is not at least protected by SSL so it is more likely the download is good.

Am I crazy? Can we get SSL here?
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 253
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready