[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: git and https

Roland Mas <lolando@debian.org> writes:

>   I understand that behemoths such as Iceweasel may take some time to
> move, but maybe Git could be made to use the TLSA records in DNSSEC?
> Postfix does make use of them, and SSH uses their SSHFP cousins, so it's
> not completely an abstract idea.

> Roland,
> who spent some time DNSSECing his infrastructure and hoping it'll be
> worth it in due time.

Yeah, that would be really cool.

Also, for people coming from Debian hosts talking to the Debian
infrastructure, at least in theory we *could* do certificate pinning,
which transforms HTTPS into a worthwhile security protocol.  It's not
exactly trivial to work out the UI and integration problems, and it
doesn't help for people not coming from a Debian system (at least as
much), but it might be worth considering.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: