Re: git and https
Clint Byrum <spamaps@debian.org> writes:
> Excerpts from Russ Allbery's message of 2015-05-27 22:23:02 -0700:
>> If you aren't doing certificate pinning, I don't think you can really say
>> this with a straight face.
> The word is "avoids", it is not "eliminates". What ever happened to
> defense in depth? There's no such thing as a perfect solution, but we
> can at least lock the doors, right?
I'm fine with locking the doors. I'm not fine with paying protection
money to a Mafia goon who claims they'll lock your windows, and sort of
sometimes does. It's the extortion component that pisses me off about
HTTPS.
> In the specific case where we'd recommend using https:// instead of
> git:// _for Debian's git services_, the cost noted above would not apply
> for any Debian users because in theory we can use the Debian-specific
> CA.
If we can use a Debian-specific CA, we can do cert pinning, since we're
then assuming we have some control over the client. I was assuming a
general client where we'd have to play nice with the normal CA roots.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>