Re: people.debian.org will move from ravel to paradis and become HTTPS only

To: debian-devel@lists.debian.org
Cc: Tim Retout <diocles@debian.org>, Tollef Fog Heen <tfheen@err.no>, debian-admin@lists.debian.org
Subject: Re: people.debian.org will move from ravel to paradis and become HTTPS only
From: Wouter Verhelst <w@uter.be>
Date: Sun, 20 Jul 2014 13:17:30 +0200
Message-id: <[🔎] 1716734.FLO03RQ0kY@grep.be>
In-reply-to: <[🔎] CADc0ge-AGLeH5EyfkM13MvFXhmUmdPaMcaMOFaZBzqgAshMygg@mail.gmail.com>
References: <20140713201310.GA27144@ftbfs.de> <[🔎] 2398517.9WCPudKZLW@grep.be> <[🔎] CADc0ge-AGLeH5EyfkM13MvFXhmUmdPaMcaMOFaZBzqgAshMygg@mail.gmail.com>

Op zondag 20 juli 2014 11:06:00 schreef Tim Retout:
> On 20 July 2014 10:07, Wouter Verhelst <w@uter.be> wrote:
> > With the state of the CA cartel these days, I have little
> > trust in the strength of HTTPS as a verification mechanism, and so I
> > wouldn't trust a file to be correct even if it came through an HTTPS
> > connection that validates. Instead, I would only trust such a file if it
> > came with a GPG signature from a key that is in the Debian keyring.
> 
> Good, because that's not what HTTPS does for you.  It makes it more
> difficult to watch exactly what you're accessing.
> 
> Suppose for example I uploaded a preseed file to people.debian.org
> that created a Tor relay, and a suitably large government agency
> wanted to see all the IP addresses installing it.  With HTTP, they
> just break into the internet backbone at an appropriate point, and log
> every request for that file in a *completely undetectable manner*.
> With HTTPS, they either need to break into the machine running
> people.debian.org, or start presenting a different SSL certificate -
> both things which can potentially be detected.
> 
> Another situation is if a dissident accesses people.debian.org via
> Tor.  With HTTP, the operator of the exit node they are using could
> MITM the request and tamper with the file - no state intervention
> required.  If it's a web page, they could potentially attempt to
> exploit the browser.

These are all good arguments for enabling HTTPS and making it the
default (which I've said repeatedly is a move that I support, or at the
very least don't oppose), but not for *disabling* the possibility of
plain HTTP.

"There might be a reason why a user would want to use encryption" does
not negate "there might be a reason why a user would *not* want to use
encryption". I'm claiming the reasons as in the latter exist; one (and
not the least) of which is that downloading files off people.debian.org
from d-i preseeding happens today, is a valid use of that service, and
cannot be done if HTTP is disabled. If you think there aren't such valid
reasons, you either need to show me why my claim is wrong, or why the
costs to doing so outweigh the benefits. So far I haven't seen anyone do
that.

[...]

-- 
It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26

Reply to:

Follow-Ups:
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Peter Palfrader <weasel@debian.org>

References:
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Wouter Verhelst <w@uter.be>
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Tim Retout <diocles@debian.org>

Prev by Date: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Next by Date: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Previous by thread: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Next by thread: Re: people.debian.org will move from ravel to paradis and become HTTPS only
Index(es):
- Date
- Thread