[0x0]

No, iOS updates require online validation because the boot rom will issue a one-time challenge based in part on the device's unique serial number, and it needs to be granted a "ticket" response by the apple servers. This is why you usually can't downgrade iOS versions (as the apple servers will refuse to grant a ticket for old versions). Google keywords: apnonce, apticket, shsh blobs, signing window

[klodolph]

This comment appears to add additional, specific information to my general comment rather than disagreeing with what I said, but the comment starts with "no", which implies otherwise.

The core idea here is that SSL is not necessary if the data is signed through some other mechanism.

[mikeash]

I think "no" was due to "you can distribute updates offline or from your own server and devices will still accept the updates." I assume you just meant that as a general thing, but one could read the comment as saying that because iOS signs updates this way, it can do offline updates.