Re: HTTPS everywhere!
Luca Filipozzi <firstname.lastname@example.org> writes:
> On Wed, Jun 18, 2014 at 10:05:32AM -0700, Russ Allbery wrote:
>> This is only true if the root CA is maintained with the same level of
>> security as the PGP signing key for the archive. While that's
>> something that we could probably do (although it's worth not
>> underestimating how much care goes into maintaining that key), we
>> cannot maintain the same level of security on the individual
>> certificates signed by that CA. In order to use them to secure apt
>> transactions, this necessarily implies distributing the private keys
>> across our mirror network.
> We _could_ become a PKI and ask that the mirror operators submit CSRs.
> They would retain the private key, we'd issue a certificate signed by
> the Debian CA. We could revoke (hah!) certificates if a mirror operator
> goes away or misbehaves. We could configure apt to only accept the
> Debian CA and certificates it issues, and to fail if the CRL/OCSP is
Sure, but the point is that the private keys for, say, http.us.debian.org
are still going to live on those distributed mirror machines, over which
the project has only indirect control, and the compromise of any of those
keys would mean that the attacker could pretend to be http.us.debian.org.
We've historically had enough problems just keeping the mirrors up to date
and regularly syncing. I'm dubious that asking the mirror operator
volunteers to maintain high-security SSL keys is a good idea.
It's of course entirely reasonable to enable SSL on the mirrors anyway,
possibly using a scheme such as this, so that we can get wire privacy of
what packages people are requesting and downloading, but I would not trust
the keys for anything other than negotiating an encryption layer,
preferably with PFS. I would not rely on them for archive integrity in
any way, at which point the SSL private keys aren't high-security.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>