> When downloading ICS and the OpenSSL binaries you provide, I've 
> never been able to find any sig, sha, or md5 files for checking 
> authenticity.

ICS itself is source code, so in theory is not a security risk.  

We don't provide any authentication for our builds of the OpenSSL tools
because no-one has ever asked, and we don't have the means to easily
automate it.  Doing so would involve time better spent supporting ICS. 

You don't have to use the ICS build OpenSSL tools, there are other
Windows versions out there you can use instead.

One thing that could be done with a new command batch file is to
digitally sign the OpenSSL DLLs, which you can already do for your own
customers.  But ICS does have an authenticode certificate and is not a
company so might have trouble actually buying one (they are expensive)
so they'd probably need to be signed by my company as Magenta Systems
Ltd.  But at least that would protect against tampering.  


To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to