From: "David A. Wheeler"
Reply-To: dwheeler AT dwheeler DOT com
To: "cygwin"
CC: "cygwin"
Subject: Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks
Date: Wed, 01 Apr 2015 11:10:01 -0400 (EDT)
In-Reply-To: <20150401083014.GC493@calimero.vinschen.de>

On Wed, 1 Apr 2015 10:30:14 +0200, Corinna Vinschen wrote:
> > +
> > +How does Cygwin counter man-in-the-middle (MITM) attacks during installation and upgrade?
> > +
>
> The title is too specific, IMHO. What about something along the lines
> of "How Cygwin secures the installation process"?

Okay, switched that to:
How does Cygwin secure the installation and update process?

The next question is worded as (which I think contrasts clearly):
What else can I do to ensure that my installation and updates are secure?

> > +
> > +A man-in-the-middle (MITM) attack occurs when an attacker secretly relays...
> I would drop this para. Just refer to
> https://en.wikipedia.org/wiki/Man-in-the-middle_attack
> at some convenient point in the following para.

Just jumping into a list seems too abrupt, especially since there's text after the list. I'll greatly shorten the intro paragraph, and link to Wikipedia.

> We already switched to sha512, so you can skip the entire MD5
> consideration. Just describe the sha512 checking.

Excellent, will do.

> All in all the text looks good to me. You're not interested to improve
> other parts of the documentation as well, by any chance? :)

We'll see :-).

--- David A. Wheeler
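Review bot: The added question title in the first quoted hunk ends with "during installation and upgrade", while the follow-up question quoted in this reply speaks of "installation and updates". Use one term, "update" or "upgrade", in both FAQ question titles so the two entries read as a pair.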