Re: HTTPS everywhere!
Vincent Lefevre <firstname.lastname@example.org> writes:
> On 2014-06-17 13:20:59 +0100, Simon McVittie wrote:
>> It should be possible to make a CA certificate that is only considered
>> to be valid for the spi-inc.org and debian.org subtrees, and then trust
>> the assertion that SPI control that certificate - but in widely-used
>> applications, that isn't possible. If SPI can sign certificates for
>> debian.org, then they can also sign certificates for my bank, and my
>> browser will think those are just as valid.
> I agree. However I don't think that the particular case of a Debian Root
> CA would be a problem, since you must absolutely trust it. If something
> bad happens at this level, this would mean that downloaded packages from
> debian.org may actually be compromised ones, and in such a case, your
> whose machine should be regarded as compromised.
This is only true if the root CA is maintained with the same level of
security as the PGP signing key for the archive. While that's something
that we could probably do (although it's worth not underestimating how
much care goes into maintaining that key), we cannot maintain the same
level of security on the individual certificates signed by that CA. In
order to use them to secure apt transactions, this necessarily implies
distributing the private keys across our mirror network.
The signing key for the archive is inherently much easier to secure
properly than any user-facing key for a debian.org domain because the
signing key for the archive can live on one and only one machine that is
secured as tightly as we are capable of securing it and which is under the
exclusive control of the relevant core teams in Debian.
Because of that, I would much rather find good ways to trust the PGP
signatures on the archive than to attempt to do anything with X.509. The
trust model and key management properties of X.509 are inherently inferior
for our purposes.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>