[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS everywhere!

On Wed, Jun 18, 2014 at 10:27:23AM -0700, Russ Allbery wrote:
> Luca Filipozzi <lfilipoz@debian.org> writes:
> > On Wed, Jun 18, 2014 at 10:05:32AM -0700, Russ Allbery wrote:
> >> This is only true if the root CA is maintained with the same level of
> >> security as the PGP signing key for the archive.  While that's
> >> something that we could probably do (although it's worth not
> >> underestimating how much care goes into maintaining that key), we
> >> cannot maintain the same level of security on the individual
> >> certificates signed by that CA.  In order to use them to secure apt
> >> transactions, this necessarily implies distributing the private keys
> >> across our mirror network.
> > We _could_ become a PKI and ask that the mirror operators submit CSRs.
> > They would retain the private key, we'd issue a certificate signed by
> > the Debian CA.  We could revoke (hah!) certificates if a mirror operator
> > goes away or misbehaves.  We could configure apt to only accept the
> > Debian CA and certificates it issues, and to fail if the CRL/OCSP is
> > unreachable.
> Sure, but the point is that the private keys for, say, http.us.debian.org
> are still going to live on those distributed mirror machines, over which
> the project has only indirect control, and the compromise of any of those
> keys would mean that the attacker could pretend to be http.us.debian.org.

Very true.

> We've historically had enough problems just keeping the mirrors up to date
> and regularly syncing.  I'm dubious that asking the mirror operator
> volunteers to maintain high-security SSL keys is a good idea.


> It's of course entirely reasonable to enable SSL on the mirrors anyway,
> possibly using a scheme such as this, so that we can get wire privacy of
> what packages people are requesting and downloading,

Exactly.  But the mirror operators can buy a commercial cert for that and we
can use a commercial cert for http.*.debian.org, too.

> but I would not trust
> the keys for anything other than negotiating an encryption layer,
> preferrably with PFS.  I would not rely on them for archive integrity in
> any way, at which point the SSL private keys aren't high-security.

Completely agree.  I far prefer the use of OpenGPG to maintain the integrity of
the archive.  If there are gaps in that, we can work to fix them.

(Thank you for hitting my soft ball out of the park. I think we can conclude
the "let's use Debian CA-signed X.509 certificats for apt" idea as unworkable.)

Luca Filipozzi

Attachment: signature.asc
Description: Digital signature

Reply to: