[vlc-devel] 0.8.6d Release schedule
funman at videolan.org
Fri Nov 23 16:55:42 CET 2007
Le vendredi 23 novembre 2007 à 15:31 +0100, Remi Denis-Courmont a
> On Fri, 23 Nov 2007 14:04:21 +0100, Rafaël Carré <funman at videolan.org>
> > Are the checksums provided through TLS once the videolan.org server has
> > been authenticated (still with TLS) ?
> I must say, I don't understand how you would authenticate the server
> with HTTP/TLS yet pass the data outside of TLS.
I simply don't know TLS.
> > What would be the extra weight of embedding cryptographic software in
> > VLC, and then just serve checksums and their signature over an insecure
> > channel, then the client do check the checksums' signature with the
> > embedded public key ?
> OpenPGP is not trivial to implement, or even integrate.
> > My point is: TLS is used for transport, but I would prefer a solution
> > like the GPG-signing of debian APT repositories.
> Of course, OpenPGP would be a lot better than TLS here.
> But it ain't going to happen within 0.9.0 let alone 0.8.6d timeframe.
libgcrypt can do public key verification, and is already used in gnutls.
Rafaël Carré <funman at videolan.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
More information about the vlc-devel