[klodolph]

This comment appears to add additional, specific information to my general comment rather than disagreeing with what I said, but the comment starts with "no", which implies otherwise.

The core idea here is that SSL is not necessary if the data is signed through some other mechanism.

[mikeash]

I think "no" was due to "you can distribute updates offline or from your own server and devices will still accept the updates." I assume you just meant that as a general thing, but one could read the comment as saying that because iOS signs updates this way, it can do offline updates.