This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks
- From: "David A. Wheeler" <dwheeler at dwheeler dot com>
- To: "cygwin" <cygwin at cygwin dot com>
- Cc: "cygwin" <cygwin at cygwin dot com>
- Date: Wed, 01 Apr 2015 11:10:01 -0400 (EDT)
- Subject: Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks
- Authentication-results: sourceware.org; auth=none
- Reply-to: dwheeler at dwheeler dot com
On Wed, 1 Apr 2015 10:30:14 +0200, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
> > +<qandaentry id="faq.setup.mitm">
> > +<question><para>How does Cygwin counter man-in-the-middle (MITM) attacks during installation and upgrade?</para></question>
> > +<answer>
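Review bot: the id `faq.setup.mitm` on the `<qandaentry>` line names a single attack class, which will not fit if the entry ends up describing the installation process more broadly. Choose an id that matches the final question text in the same change, since the id is what links to this entry will point at.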
>
> The title is too specific, IMHO. What about something along the lines
> of "How Cygwin secures the installation process"?
Okay, switched that to:
<qandaentry id="faq.setup.install-security">
<question><para>How does Cygwin secure the installation and update process?</para></question>
The next question is worded as (which I think contrasts clearly):
<qandaentry id="faq.setup.increase-install-security">
<question><para>What else can I do to ensure that my installation and updates are secure?</para></question>
> > +<para>
> > +A man-in-the-middle (MITM) attack occurs when an attacker secretly relays...
> I would drop this para. Just refer to
> https://en.wikipedia.org/wiki/Man-in-the-middle_attack
> at some convenient point in the following para.
Just jumping into a list seems too abrupt, especially since there's text after the list.
I'll greatly shorten the intro paragraph, and link to Wikipedia.
> We already switched to sha512, so you can skip the entire MD5
> consideration. Just describe the sha512 checking.
Excellent, will do.
> All in all the text looks good to me. You're not interested to improve
> other parts of the documentation as well, by any chance? :)
We'll see :-).
--- David A. Wheeler