Re: A Look In the Mirror: Attacks on Package Managers
* Fernando Lemos:
> 1. Man-in-the-middle attacks between clients and security update servers
> 2. Denial-of-service attacks to the security updates infrastructure
> 3. No trusted servers for security updates for testing and unstable
> Using HTTPS for the security update infrastructure could solve #1,
Not really, because the mirrors are already middlemen, so encrypting
the transport to them doesn't change much.
> Now if we had a timestamp in the root metadata updated on a daily
> basis, that would solve #1 and #3
Actually, it wouldn't because we do not provide a secure time source.
pool.ntp.org faces the same theoretical issues as our mirror network.
You'd have to fetch the root metadata from a trusted server over
something like HTTPS (that is, something with authentication and a
challenge-response component built in).
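
Added example, not part of the original message: a sketch of the point made in the reply, that a signed timestamp is only as trustworthy as the client's clock, whereas a challenge-response exchange with a trusted server needs no clock at all. HMAC stands in for the archive's real signature scheme, and KEY, MAX_AGE and every function name here are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # stand-in for the archive signing key (assumption)
MAX_AGE = 86400                # seconds; "updated on a daily basis"


def mac(*parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts; stands in for a real signature."""
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def sign_metadata(body: bytes, issued: int) -> dict:
    """Archive side: root metadata carrying a signed timestamp."""
    return {"body": body, "issued": issued, "sig": mac(body, str(issued).encode())}


def timestamp_check(meta: dict, local_clock: int) -> bool:
    """Client side, timestamp only: freshness is judged against the local clock."""
    expected = mac(meta["body"], str(meta["issued"]).encode())
    if not hmac.compare_digest(meta["sig"], expected):
        return False
    return 0 <= local_clock - meta["issued"] <= MAX_AGE


def server_respond(nonce: bytes, body: bytes) -> dict:
    """Trusted server: binds the current metadata to the client's nonce."""
    return {"body": body, "sig": mac(nonce, body)}


def nonce_check(nonce: bytes, resp: dict) -> bool:
    """Client side, challenge-response: no clock involved."""
    return hmac.compare_digest(resp["sig"], mac(nonce, resp["body"]))


def demo() -> dict:
    day = 86400
    stale = sign_metadata(b"Release: constructed, day 0", issued=0)
    old_resp = server_respond(os.urandom(16), b"Release: constructed, day 0")
    nonce = os.urandom(16)  # fresh challenge for this session
    fresh = server_respond(nonce, b"Release: constructed, day 30")
    return {
        "stale_correct_clock": timestamp_check(stale, local_clock=30 * day),
        "stale_clock_set_back": timestamp_check(stale, local_clock=day // 2),
        "replayed_response": nonce_check(nonce, old_resp),
        "fresh_response": nonce_check(nonce, fresh),
    }
```

The stale metadata is rejected only while the local clock is right; once the clock has been pushed back it passes, while the replayed challenge-response answer fails regardless of the clock.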