X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; q=dns; s=default; b=uRHvA0C WVm19BI2b0uoR1UVmlGR7xyspcrUY249No+RXFvWhL7IB/EDR+FA25YGHK5lFqji vX6UB1IW7G4eiFzIdhf5s3Xp2g+k5WYQsUVeQTkRVah4k4rL390WwFfMhFHG0xJT t1GXUYxQqDqyIVVc/niIKU/XH0O23QnboQ8c= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; s=default; bh=YWiaFP7g2sIAW ZzS4zX/ZN7Usk8=; b=rs7jL8cVq8evL1+MV8sVSi5SN7KLSPVlu2TYQFLxGEPes laAAbfbs3RxHjW1zxzfrEEDr1t3vdbkkUhUmPfHfo2/5fBPc7RLfhU+IX0FaxA7u xp6wJO/IdVjTh2u+CaYcm2eF3B6H3wMe/6Gdlt1QI5Y05PcR74cZKPRYd0/1Ys= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=corporate, faith, Love, H*f:sk:Q@mail. X-HELO: mail-wr1-f52.google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=4G0ERj5uD/jZlc1uSFUq7xT+S1f+feAOBm0ni8+VGc8=; b=L/aCqFHZuo7rQkWE3B7gqGxOya1W+PiJOuMH9Hp8jCP5l7BZ0BZdIxJruDQhKmVDZ8 1YK8RUY924PC4mQC5ywLSL/tnhGIq7esOAIWfK0HbQPslyevxD7M3At/yRpZ9y5TcI7i vBa8Mfkw3oQlHwJo/b6a2w8ULFaVShkYXuHTQCvE3ZKPBcFWe8kbGut195xvom1SIyqa JKalgmZLihXN502XRBHW4RY1iIA45t1Wg8Je07dbZulgiMvG3qjLUYhAyC4vmdPvnTwg gOS890IQIW8LDvNdbY1o5FwQhgG+jQaP3Ru75Syw631SI6U+kvNWaNacGACUi3U1A+vu xb0g== MIME-Version: 1.0 References: <1a840c2e-55ac-0ab4-66c4-a1f6a2c4f81a@Shaw.ca> <41f12842-ea43-ff63-a660-26ee3b497c63@SystematicSw.ab.ca> <1b570593-0ec7-0890-26ef-7e7468534f47@SystematicSw.ab.ca> In-Reply-To: From: Erik Soderquist Date: Thu, 28 Mar 2019 14:13:07 -0400 Message-ID: Subject: Re: SSL not required for setup.exe download To: cygwin Content-Type: text/plain; charset="UTF-8" On Fri, Mar 15, 2019 at 8:25 AM Brian Inglis wrote: > ... corporate policies, proxies, firewalls, security products. > Systems or images older than a year may need the new root CA installed - some > enterprises are very selective about including support for anything in their > images - and users may not have root CA store access. I am one of these; a few sites I maintain are behind corporate firewalls that explicitly block access to sites that can't scan the communications on to prevent leaking of sensitive internal data. For these sites I have no choice but to use the http connections to be able to update, and I also download signatures and verify against public keys that the file is indeed the correct file rather than something injected by an MitM attack before executing. (Yes, this has saved my bacon a couple times). If http is disabled, these sites likely will never be updated again. -- Erik -- "I do not think any of us are truly sane, Caleb. Not even you. Courage is not sanity. Being willing to die for someone else is not sanity." ... "Love is not sane, nor is faith." ... "If sanity lacks those things, Caleb, I want no part of it." -- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple