Date: Wed, 14 Mar 2001 14:24:31 -0600 From: Bill Fumerola <billf@mu.org> To: John Baldwin <jhb@FreeBSD.org> Cc: Peter Pentchev <roam@orbitel.bg>, freebsd-arch@FreeBSD.org Subject: Re: [PATCH] add a SITE MD5 command to ftpd Message-ID: <20010314142431.P31752@elvis.mu.org> In-Reply-To: <XFMail.010313222710.jhb@FreeBSD.org>; from jhb@FreeBSD.org on Tue, Mar 13, 2001 at 10:27:10PM -0800 References: <20010314000351.N31752@elvis.mu.org> <XFMail.010313222710.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 13, 2001 at 10:27:10PM -0800, John Baldwin wrote:
> As Terry points out, however, this isn't secure, which makes it less useful
> than first appears. His 2 questions at the end are good ones.
Who would use it to mean "secure"? I'd want clients to use it to
determine if they downloaded the file w/o error. Other things
like fenner's scripts could use it to see if the file changed (which
is pretty handy, as someone pointed out, for mirroring software).
Any software author that did use it would have to realize that
they'd have to take the server's answer with a truckload of salt.
The only thing that is minorly unpleasant about this is how non-standard
of a change it is.
--
Bill Fumerola - security yahoo / Yahoo! inc.
- fumerola@yahoo-inc.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010314142431.P31752>