[bob_roboto]

Ultimately this probably helps increase the overall internet security. Although in recent years it was available from a TLS secured source [0], the putty.org site (which might or might not be operated by the maintainers) is still not https secured. Given that probably tens or hundreds of thousands downloaded it from there (imagine, getting an SSH client from an unknown source!) I'm surprised not more happened. Other than that, thanks for the great work maintaining this project which helped me and others a great deal throughout my career. Countless times have I been stranded on a Windows server and quickly needed an SSH client.

[0]https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht...

[huhtenberg]

Putty binaries are all signed, which is what you should be looking at when authenticating a release. Whether you fetch them over SSL is of little importance.

[bob_roboto]

You are, of course, absolutely correct. And I hope this is what internal package maintainers in large companies and individuals using putty as their standard SSH client do. However, for many of us putty is a backup when they are not on their linux/osx machine and just quickly need an SSH client to do something. The workflow there is google->putty->first result->download->execute. You absolutely shouldn't, but we also shouldn't drink and sleep 8h a night :)

[ultrafilter]

I put a copy of putty at a short but private url at my own domain so that I can get it over https.

[icebraining]

How do you know the public key is correct?

[xenophonf]

The level of assurance you get with a signing key downloaded over HTTP and one downloaded over HTTPS is roughly equivalent. Sure, HTTPS gives you a degree of protection from MitM attacks, but it won't stop attackers (whether criminals or militaries) from hacking the web server and changing both the software and the signing keys---after all, if one is possible, so is the other.

[icebraining]

Clearly we have different concepts of "roughly equivalent" :) One means everyone on your network can trivially serve you trojanized binaries, the other doesn't.

[xenophonf]

I think hacking a web server is a lot easier than hacking a network connection. Hacking web servers is well within the capabilities of your average vandal, while hacking network links in order to perform a MitM attack requires significant resources (e.g., those of a large criminal syndicate or an intelligence service, but I repeat myself).

Edited to add: ARP-spoofing the right LAN requires spearphishing and APT, which I think also require significant resources.

[icebraining]

Sure, against a complete stranger the web server might be more vulnerable, but sometimes the attackers are already in our LANs :)

I was thinking more about employees, or students at universities, or such. I believe I've seen tools that ARP-spoof and then automatically detect downloads of ELF or PE files and trojanize them, all without requiring almost any knowledge from the attacker. I don't know if any of these tools detect Putty and fix its signature too, but it wouldn't be hard to do.

[kuschku]

That still allows an attacker to deliver you an older binary than you previously had installed — potentially one with major vulnerabilities.

Signing doesn't prevent downgrade attacks, HTTPS does.

[userbinator]

You would also look at the version number when you check the signature...

[kuschku]

The signature is automatically verified by the system — when you open the installer, it either shows "unknown developer" or "PuTTY team" in the UAC dialog. Which is easy to verify.

Do you know the version of PuTTY you have installed without checking?

[mkj]

putty.org is owned by a competitor, Bitvise

[phit_]

putty.org links to the official downloads nowadays