On Wed, 2007-02-21 at 09:38 -0800, David Lutterkort wrote:
> I assume you are going the RPM route to make sure the server cert isn't
> tampered with in transit;

Certainly. Tampering in-transit is marginally easier with the new scheme since it's a lot easier to see the package fly across the wire than it was to pick out the bits when we were blasting a raw ext3 image across the wire.

> though it seems that both when the cert is
> installed with an RPM and when the client downloads it itself on the
> initial run, you have the exact same security issues: ultimately,
> somebody can intercept that download and substitute their own server
> cert.

Basically yes.

jeff
