The idea was to display a checksum of the files on such a https page. Like for example https://www.freebsd.org/releases/9.1R/announce.html at the bottom of the page.
On Wed, Sep 11, 2013 at 7:18 PM, Stuart Henderson <st...@openbsd.org> wrote: > On 2013/09/11 16:46, Janne Johansson wrote: > > So you publish something on a HTTPS page, which means that when the > browser > > says "green padlock", it only says: "this site was using a key signed by > > someone who in turn was signed by someone out of a few hundred CAs in a > > list which include companies in scary countries*". That will help a lot. > > Also it says nothing about the contents of the *files* on that site... >