If end-to-end sec (e.g., crypto signatures) are used, like say with Debian packa... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		what_the_diffie on June 13, 2015 \| parent \| context \| favorite \| on: Signify: Securing OpenBSD from Us to You If end-to-end sec (e.g., crypto signatures) are used, like say with Debian packages which uses GPG, packages and metadata can be released over http without a problem.

nickpsecurity on June 13, 2015 [–]

Exactly. One of many reasons the developers went with an end-to-end solution instead of HTTPS. It makes the transport mechanism moot except for the initial key exchange.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact