Provide a more secure download mechanism

+1 vote
Hi there,

Please consider serving the multichain binaries over HTTPS and provide a checksum for the tar file. People are doing things like this: https://hub.docker.com/r/kunstmaan/base-multichain/~/dockerfile/

Potential MITM attacks could be trivially exploited against any docker container that is doing this.
asked Jun 30, 2017 by dp_blockparty

2 Answers

0 votes
Thanks for your comment - indeed we'll be moving the entire MultiChain website over to https with the production release.
answered Jul 2, 2017 by MultiChain
+1 vote
FYI the switchover to https/SSL is complete.
answered Jul 9, 2017 by MultiChain
Hey that is great news, but I think it is still important for you to provide a shasum of the tar file so that it can be verified that it has not been modified in transit after being downloaded. Even over SSL this is an issue to be concerned with.
...