Re: people.debian.org will move from ravel to paradis and become HTTPS only

To: debian-devel@lists.debian.org, debian-admin@lists.debian.org
Subject: Re: people.debian.org will move from ravel to paradis and become HTTPS only
From: Ondřej Surý <ondrej@sury.org>
Date: Sun, 20 Jul 2014 09:23:55 +0200
Message-id: <[🔎] 1405841035.16130.143560421.61491AAC@webmail.messagingengine.com>
In-reply-to: <[🔎] 1537194.az5tucaBzH@grep.be>
References: <20140713201310.GA27144@ftbfs.de> <[🔎] 66954276.LP9JdarkQP@grep.be> <[🔎] 877g39f4rs.fsf@xoog.err.no> <[🔎] 1537194.az5tucaBzH@grep.be>

On Sun, Jul 20, 2014, at 08:15, Wouter Verhelst wrote:
> Additionally, since debian.org uses DNSSEC, if you can somehow MITM
> people.debian.org then due to DANE you can MITM it for HTTP as well as
> HTTPS, so forcing HTTPS really doesn't gain you much.

But that implies that the attacker has access to private keys, and in
this
case you are so screwed. The possibility of stolen private keys should
not be argument for not implementing security.

> > There are lots of attack vectors.  It's not a response to a single
> > attack being exploited in the wild.
> 
> So name one?

Pervasive monitoring. Really we should introduce encryption
*everywhere*.

O.
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

Reply to:

Follow-Ups:
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Matthias Urlichs <matthias@urlichs.de>
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Wouter Verhelst <w@uter.be>
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Steve Langasek <vorlon@debian.org>
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Peter Palfrader <weasel@debian.org>

References:
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Wouter Verhelst <w@uter.be>
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Tollef Fog Heen <tfheen@err.no>
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Wouter Verhelst <w@uter.be>

Prev by Date: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Next by Date: Bug#755382: ITP: fonts-adobe-sourcehansans-cn -- “Source Han Sans CN” A sans-serif Pan-CJK font family (CN subset) that is offered in seven weights
Previous by thread: Re: RFH Packaging DNSSEC/TLSA Validator
Next by thread: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Index(es):
- Date
- Thread