[vlc-devel] 0.8.6d Release schedule

Rafaël Carré funman at videolan.org
Fri Nov 23 16:55:42 CET 2007


Le vendredi 23 novembre 2007 à 15:31 +0100, Remi Denis-Courmont a
écrit :
> On Fri, 23 Nov 2007 14:04:21 +0100, Rafaël Carré <funman at videolan.org>
> wrote:
> > Are the checksums provided through TLS once the videolan.org server has
> > been authenticated (still with TLS) ?
> 
> I must say, I don't understand how you would authenticate the server
> with HTTP/TLS yet pass the data outside of TLS.

I simply don't know TLS.

> > What would be the extra weight of embedding cryptographic software in
> > VLC, and then just serve checksums and their signature over an insecure
> > channel, then the client do check the checksums' signature with the
> > embedded public key ?
> 
> OpenPGP is not trivial to implement, or even integrate.
> 
> > My point is: TLS is used for transport, but I would prefer a solution
> > like the GPG-signing of debian APT repositories.
> 
> Of course, OpenPGP would be a lot better than TLS here.
> But it ain't going to happen within 0.9.0 let alone 0.8.6d timeframe.

libgcrypt can do public key verification, and is already used in gnutls.

-- 
Rafaël Carré <funman at videolan.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20071123/132b4d48/attachment.sig>


More information about the vlc-devel mailing list