[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: git and https

Clint Byrum <spamaps@debian.org> writes:
> Excerpts from Russ Allbery's message of 2015-05-27 22:23:02 -0700:

>> If you aren't doing certificate pinning, I don't think you can really say
>> this with a straight face.

> The word is "avoids", it is not "eliminates". What ever happened to
> defense in depth? There's no such thing as a perfect solution, but we
> can at least lock the doors, right?

I'm fine with locking the doors.  I'm not fine with paying protection
money to a Mafia goon who claims they'll lock your windows, and sort of
sometimes does.  It's the extortion component that pisses me off about
HTTPS.

> In the specific case where we'd recommend using https:// instead of
> git:// _for Debian's git services_, the cost noted above would not apply
> for any Debian users because in theory we can use the Debian-specific
> CA.

If we can use a Debian-specific CA, we can do cert pinning, since we're
then assuming we have some control over the client.  I was assuming a
general client where we'd have to play nice with the normal CA roots.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: