To protect against most of the MITM attacks, where attackers can replace the GitHub page with their own malicious website, we can embed CA certs within the stew binary itself.
Currently, the GitHub page is signed by DigiCert CA:
stew could, by default, use embedded CAs in the HTTP clients. That would protect against most of the MITM attacks.
We could add a series of command-line opt/config settings, like --use-system-cacerts or --use-cacerts, so people could tell stew not to use the embedded CAs, or to use customized ones.
/kind security