Re: people.debian.org will move from ravel to paradis and become HTTPS only
On Sun, Jul 20, 2014, at 12:06, Tim Retout wrote:
> On 20 July 2014 10:07, Wouter Verhelst <email@example.com> wrote:
> > With the state of the CA cartel these days, I have little
> > trust in the strength of HTTPS as a verification mechanism, and so I
> > wouldn't trust a file to be correct even if it came through an HTTPS
> > connection that validates. Instead, I would only trust such a file if it
> > came with a GPG signature from a key that is in the Debian keyring.
> Good, because that's not what HTTPS does for you. It makes it more
> difficult to watch exactly what you're accessing.
> Suppose for example I uploaded a preseed file to people.debian.org
> that created a Tor relay, and a suitably large government agency
> wanted to see all the IP addresses installing it. With HTTP, they
> just break into the internet backbone at an appropriate point, and log
> every request for that file in a *completely undetectable manner*.
> With HTTPS, they either need to break into the machine running
> people.debian.org, or start presenting a different SSL certificate -
> both things which can potentially be detected.
> Another situation is if a dissident accesses people.debian.org via
> Tor. With HTTP, the operator of the exit node they are using could
> MITM the request and tamper with the file - no state intervention
> required. If it's a web page, they could potentially attempt to
> exploit the browser.
This is an excellent summary, thank you Tim. We should not forget that
the metadata are interesting too (and thus we also need DNS privacy,
which we don't have right now).
Also, one of the reasons to encrypt everywhere is that it makes it much
harder to decrypt everything. The more encrypted "noise" we have in
the background the better.
P.S.: And I am not known for my love for CAs :)...
Ondřej Surý <firstname.lastname@example.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server