Re: client-side signature checking of Debian archives

Ivan Shmakov <ivan@siamics.net> writes:

> 	My understanding is that the suggestion being discussed is to
> 	use TLS /alongside/ the usual Debian/APT signatures – not
> 	instead of them; and the primary goal is to improve user’s
> 	privacy.  That is: only the mirror operator will remain
> 	empowered to know the packages the user’s interested in.

While I have no objections to using TLS for Debian mirrors, it's worth not
overstating the benefits here.  Package retrieval from a public mirror is
susceptible to traffic analysis.  You can make some pretty good guesses
from the size of the object downloaded, particularly if you can watch over
time and see what happens when updated packages are released.

Of course, it's much harder than just passively reading the HTTP GET
commands.  It probably requires someone write code to map object sizes to
possible packages.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
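To make the size-leak argument above concrete, here is an added example (not code from this thread or from the Debian project) that groups a package index by the size an observer would see on the wire, with and without server-side padding, and counts how many packages stay uniquely identifiable. The package names and sizes in `INDEX` are constructed for illustration, and the function names are this example's own.

```python
"""Quantify what a TLS-only APT mirror still leaks through object sizes.

Constructed example: a real assessment would read the names and the
'Size' field from the mirror's Packages index instead of INDEX below.
"""
from collections import defaultdict

# Constructed index: package name -> .deb size in bytes (not real data).
INDEX = {
    "libalpha1": 51_234,
    "libalpha-dev": 51_234,     # identical size: already indistinguishable
    "beta": 103_877,
    "gamma-utils": 205_000,
    "delta": 204_998,           # 2 bytes apart: distinct without padding
    "epsilon-doc": 2_048,
}


def observed_size(size: int, pad_to: int = 1) -> int:
    """Size an observer sees when the server pads every response up to a
    multiple of `pad_to` bytes (pad_to=1 means no padding). TLS record
    framing and HTTP headers add a roughly constant overhead that does not
    change which sizes collide, so it is left out."""
    return -(-size // pad_to) * pad_to


def anonymity_sets(index: dict, pad_to: int = 1) -> dict:
    """Group packages by the size an observer would see for each of them."""
    groups = defaultdict(list)
    for name, size in index.items():
        groups[observed_size(size, pad_to)].append(name)
    return dict(groups)


def candidates(seen: int, index: dict, pad_to: int = 1) -> list:
    """Packages consistent with one observed transfer size."""
    return sorted(anonymity_sets(index, pad_to).get(seen, []))


def uniquely_identified(index: dict, pad_to: int = 1) -> int:
    """Number of packages pinned down by size alone (anonymity set of 1)."""
    return sum(1 for g in anonymity_sets(index, pad_to).values() if len(g) == 1)


if __name__ == "__main__":
    for pad in (1, 4096, 65536):
        n = uniquely_identified(INDEX, pad)
        print(f"pad_to={pad:>6}: {n}/{len(INDEX)} packages uniquely identified")
```

Larger padding buckets shrink the number of uniquely identified packages, at the cost of extra bytes on every download; repeated observations across a mirror's update cycle, as the post notes, would narrow the sets again.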

