flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael A. Labriola" <labri...@digitalprimates.net>
Subject RE: Signed RSL from Apache
Date Mon, 20 Feb 2012 13:24:32 GMT
>more specifically... If attacker succeeds in the above, every app that wants to use  the
same library version is compromised by that browser cache even after leaving the 'man-in-the-middle'
compromised network.

I am not going to hold my breath on this, but the way to avoid this would be to have adobe
host a minimal-sized, signed rsl, that contained our hashes. Then we have the hashes with
a level of confidence.


View raw message