[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS everywhere!

On Wed, 2014-06-18 at 10:05 -0700, Russ Allbery wrote: 
> This is only true if the root CA is maintained with the same level of
> security as the PGP signing key for the archive.
Well and currently, people trust GANDI when they download (then possibly
forged) Debian images?
Actually even less, since on a short glance I couldn't find any
verification information on the site... and you're redirected to some
http-only mirror.

>  While that's something
> that we could probably do (although it's worth not underestimating how
> much care goes into maintaining that key)
Well I'd say it would need about the same care that is e.g. needed to
maintain debian-keyring...
If the system of issuing certificates under a Debian CA is of roughly
the same security level than e.g. the one that controls how is allowed
to upload packages to Debian and who not... it should be plenty enough.

And if your concern is that a Debian CA could be used to forge
certificates for non-Debian stuff... given that we have >150 root certs
in the Mozilla bundle... many of them already completely untrustworthy
and many of them probably introducing intermediate CAs which are even
less trustworthy... I wouldn't worry a lot here.

>  we cannot maintain the same
> level of security on the individual certificates signed by that CA.
Well sure, but that just means that the individual nodes "protected" by
these certs are at risk,... e.g. your https for bugs.debian.org.
And I don't see why there should be any difference here based on which
CA issued such individual cert.
If the server is vulnerable, than you're screwed - no matter whether
it's GANDI, Verisign, or Debian CA issued.

> In
> order to use them to secure apt transactions, this necessarily implies
> distributing the private keys across our mirror network.
Whew... I've never talked bout that :D
Don't get me wrong: Whenever we have the change to secure something with
OpenPGP - use that (TLS/SSL and X.509 have so many inherent issues...
try to avoid whenever possible).
Only for services where this is not realistic (i.e. everything
web-based): use our own X.509 CA.

When I "complained" about the use of GANDI I rather referred to anything
webbased and all possible attack vectors originating in that:
- e.g. maintainers sharing/merging code via some webbased service like
paste.debian.net ... or via the BTS. It could be tricky code where an
attacker could introduce a non-obvious security hole, and if that is
merged just because of trusting some external X.509 certs... not so
- users could look up security issues (https://www.debian.org/security/)
or grave bugs (via apt-listbugs)... and an attacker could tell them
"everything's fine" or just not list any issues at all.

> Because of that, I would much rather find good ways to trust the PGP
> signatures on the archive than to attempt to do anything with X.509.  The
> trust model and key management properties of X.509 are inherently inferior
> for our purposes.
Absolutely agreed... as said... I was just referring to any services
where we have not much alternative than using X.509 (e.g. everything
https - and I explicitly don't count in the APT https transport mode
(which I think makes not much sense anyway)).


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: