2012/10/28 Changaco <chang...@changaco.net>: > It doesn't matter what kind of certificate the server uses since the > client generally doesn't know about it, especially on first connection. > Some programs remember the certificate between uses and inform you > when it changes, but that's not perfect either.
In this particular case, cabal can have the public part of the certificate built-in (as it has the web address built in). So once one has a verified installation of cabal, it can verify the server packages without being susceptible to MitM attack (no matter if they're PGP signed or X.509 signed). Best regards, Petr Pudlak _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe