incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Arno" <da...@davidarno.org>
Subject RE: Signed RSL from Apache
Date Mon, 20 Feb 2012 11:50:56 GMT
> From: Paul Evans [mailto:paulevans@creative-cognition.co.uk] 
> Sent: 20 February 2012 10:20
>
> From previous discussion, Alex raised concern of potential exposure to a 
> man-in-the-middle attack - unless we find a way of getting them signed.

Do they really need signing? If we generate MD5 hashes for the SDK SWCs,
then the loader could check those hashes on load. Would that not be secure
enough, or is there a flaw in that idea?

David.


Mime
View raw message