[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: thoughts on blocking and downgrade attacks agains secure APT

(sorry for the double posting,.. my MUA crashed in between)

One addition immediately which is however not directly related to the

I stumbled across those issues when I spent some thoughts on the
check_apt test from Nagios.

I wanted a fully secure way to be notified when updates are in place
(but not having them automatically installed).

As you can imagine now, the issues described above apply to check_apt,
too, and an attacker could trick me into not recognising available

I've opened a Nagios bug #300
(http://tracker.nagios.org/view.php?id=300) asking for improvements.
I describe the general issue there, but I have so far no details on how
it should securely "access" APT to gather the necessary information.

Which Debian secure APT experts could I ask for help with this? :)


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: