Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks

["David A. Wheeler" <dwheeler at dwheeler dot com>]

On Wed, 1 Apr 2015 10:30:14 +0200, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
> > +<qandaentry id="faq.setup.mitm">
> > +<question><para>How does Cygwin counter man-in-the-middle (MITM) attacks during installation and upgrade?</para></question>
> > +<answer>
> 
> The title is too specific, IMHO.  What about something along the lines
> of "How Cygwin secures the installation process"?

Okay, switched that to:
<qandaentry id="faq.setup.install-security">
<question><para>How does Cygwin secure the installation and update process?</para></question>

The next question is worded as (which I think contrasts clearly):
<qandaentry id="faq.setup.increase-install-security">
<question><para>What else can I do to ensure that my installation and updates are secure?</para></question>

> > +<para>
> > +A man-in-the-middle (MITM) attack occurs when an attacker secretly relays...
> I would drop this para.  Just refer to 
> https://en.wikipedia.org/wiki/Man-in-the-middle_attack
> at some convenient point in the following para.

Just jumping into a list seems too abrupt, especially since there's text after the list.
I'll greatly shorten the intro paragraph, and link to Wikipedia.

> We already switched to sha512, so you can skip the entire MD5
> consideration.  Just describe the sha512 checking.

Excellent, will do.

> All in all the text looks good to me.  You're not interested to improve
> other parts of the documentation as well, by any chance? :)

We'll see :-).

--- David A. Wheeler

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple