Hi!
I was wondering if it would be possible to set up HTTPS for the download URLs for the various packages. Given the current state of the internet, and especially given that many of the applications you’re distributing involve providing my administrator credentials, it would go a long way towards ensuring the security of user systems against MITM attacks.
Good point. But I thought signing updates is enough to prevent MITM attacks.
We use Sparkle updater with DSA signatures:
You can see them in our sparkle feeds:
http://updates-s3.binaryage.com/totalfinder-beta.xml
And additionally our packages/binaries are code-signed using Apple’s tools.
Unless we did some implementation mistake MITM attacks shouldn’t be possible.
The problem is that without HTTPS for the original downloads, the user can be MITM’d when they download the original app. An attacker doesn’t ever have to worry about the DSA signatures, because their malicious app could ignore bad signatures or just update from an entirely different source.
What about teaching users to check developer signature when installing the pkg first time?
Users can click the lock icon in the upper-right corner to get information about the signature:
https://dl.dropboxusercontent.com/u/559047/developer-signed-package.png
The problem with SSL infrastructure is: