>>Downloading each new browser version using HTTPS (with the previous
>>release) would be advisable.
>Sorry, doesn't solve the problem.


I did not mean that it would solve the problem, just that it would make
getting a compromised browser less likely.

>HTTPS / SSL secures only the connection.
>Other attacks are:
>1. compromise the new browser on the server you download from.
>2. compromise the new browser on your local computer.
>The only way out would be:
>1.: the package on the server contains a digital signature
>     you can verify with a cert you get or verify another way.
>     And you install all programs with a local installer which
>     doesn't install packages without a valid signature.
>     (So bye-bye self-extracting programs...)
>2.: while installing the program, you store a secure hash on some
>    other, unchangeable media (e.g. stored on CD).
>    And you verify the program with this secure hash before you start
>    the program.


I agree that signing the code would be better than securing the download.
A new browser should be packaged inside an installation ActiveX for IE and a
SmartUpdate JAR file for Netscape.

>But both don't solve the bootstrap problem:
>How do you get a secure system you can start from?


Of course.

Nicolas Roumiantzeff.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
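
The hash check from point 2 of the quoted list, as an added example that is not part of the original thread: a hash is recorded at install time and the program is checked against it before it is started. SHA-256, the `sha256sum`-style manifest layout and all file names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def file_sha256(path, chunk_size=65536):
    """Stream the file through SHA-256 so large installers are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_manifest(manifest_path):
    """Parse 'HEXDIGEST  name' lines (assumed sha256sum layout) into {name: digest}."""
    entries = {}
    with open(manifest_path, "r", encoding="utf-8") as handle:
        for line in handle:
            parts = line.split(None, 1)
            if len(parts) == 2:
                entries[parts[1].strip().lstrip("*")] = parts[0].lower()
    return entries


def verify_before_start(program_path, manifest_path):
    """Return (ok, reason); the caller starts the program only when ok is True."""
    expected = load_manifest(manifest_path).get(os.path.basename(program_path))
    if expected is None:
        return False, "no recorded hash"   # fail closed: unknown programs do not run
    if not hmac.compare_digest(expected, file_sha256(program_path)):
        return False, "hash mismatch"
    return True, "hash matches"


def demo():
    """Constructed sample: record a hash at install time, then modify the program."""
    with tempfile.TemporaryDirectory() as workdir:
        program = os.path.join(workdir, "browser.bin")   # hypothetical file name
        manifest = os.path.join(workdir, "hashes.txt")   # stands in for the copy on CD
        with open(program, "wb") as handle:
            handle.write(b"constructed installer bytes")
        with open(manifest, "w", encoding="utf-8") as handle:
            handle.write(file_sha256(program) + "  browser.bin\n")
        before = verify_before_start(program, manifest)
        with open(program, "ab") as handle:              # file changed after install
            handle.write(b"\x00")
        after = verify_before_start(program, manifest)
        unknown = verify_before_start(os.path.join(workdir, "other.bin"), manifest)
    return before, after, unknown
```

The check is only as trustworthy as the manifest and the verifier themselves, which is the bootstrap problem raised at the end of the quoted message.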
