Re: git and https

To: debian-devel@lists.debian.org
Subject: Re: git and https
From: Roland Mas <lolando@debian.org>
Date: Thu, 28 May 2015 09:33:35 +0200
Message-id: <[🔎] 87zj4pma0g.fsf@placard.fr.eu.org>
In-reply-to: <[🔎] 87pp5l5l8p.fsf@hope.eyrie.org> (Russ Allbery's message of "Wed, 27 May 2015 22:23:02 -0700")
References: <[🔎] 55631103.3020200@zoho.com> <[🔎] 20150525183805.GA2452@x> <[🔎] 20150527080835.GA20359@grep.be> <[🔎] 20150527160230.GA1068@jtriplet-mobl1> <[🔎] 87pp5l5l8p.fsf@hope.eyrie.org>

Russ Allbery, 2015-05-27 22:23:02 -0700 :

> Josh Triplett <josh@joshtriplett.org> writes:
>
>> https:// avoids MITM;
>
> If you aren't doing certificate pinning, I don't think you can really say
> this with a straight face.
>
> It makes MITM moderately harder, at the cost of giving money to a bunch of
> exploitative clowns who have no concept of what security means.

  I understand that behemoths such as Iceweasel may take some time to
move, but maybe Git could be made to use the TLSA records in DNSSEC?
Postfix does make use of them, and SSH uses their SSHFP cousins, so it's
not completely an abstract idea.

Roland,
who spent some time DNSSECing his infrastructure and hoping it'll be
worth it in due time.
-- 
Roland Mas

Indépendant en informatique libre -- Free software freelance
http://www.gnurandal.com/

Reply to:

Follow-Ups:
- Re: git and https
  - From: Russ Allbery <rra@debian.org>
- Re: git and https
  - From: Jeremy Stanley <fungi@yuggoth.org>

References:
- git and https
  - From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
- Re: git and https
  - From: Josh Triplett <josh@joshtriplett.org>
- Re: git and https
  - From: Wouter Verhelst <wouter@debian.org>
- Re: git and https
  - From: Josh Triplett <josh@joshtriplett.org>
- Re: git and https
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: git and https
Next by Date: Bug#787058: ITP: astromatic -- Astronomical pipeline software collection
Previous by thread: Re: git and https
Next by thread: Re: git and https
Index(es):
- Date
- Thread