[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: people.debian.org will move from ravel to paradis and become HTTPS only

On Sun, Jul 20, 2014, at 08:15, Wouter Verhelst wrote:
> Additionally, since debian.org uses DNSSEC, if you can somehow MITM
> people.debian.org then due to DANE you can MITM it for HTTP as well as
> HTTPS, so forcing HTTPS really doesn't gain you much.

But that implies that the attacker has access to private keys, and in
case you are so screwed. The possibility of stolen private keys should
not be argument for not implementing security.

> > There are lots of attack vectors.  It's not a response to a single
> > attack being exploited in the wild.
> So name one?

Pervasive monitoring. Really we should introduce encryption

Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

Reply to: