Re: client-side signature checking of Debian archives (Re: When should we https our mirrors?)
On Sun, Oct 23, 2016 at 07:28:23PM -0700, Russ Allbery wrote:
> The value of HTTPS lies in its protection against passive snooping. Given
> the sad state of the public CA infrastructure, you cannot really protect
> against active MITM with HTTPS without certificate pinning.
You are implicitely assuming that mirrors can be trusted,
and even that is not true.
Who is operating ftp.cn.debian.org, and who has access to the logfiles
on that server?
Debian would accept debian.nsa.gov as mirror, and the NSA might already
operate or have access at some current mirrors.
> But that's
> fine; active attackers are a much, much rarer attack profile. The most
> likely attack, and the one we're able to protect against here, is passive
> observation of mirror traffic used to build a database of who is using
> what package and at what version. HTTPS doesn't *prevent* this, but it
> requires the attacker to do much more sophisticated traffic analysis, or
> take the *much* more expensive and *far* riskier step of moving to active
> interference with traffic, neither of which nation-state attackers want to
> do and neither of which they have the resources to do *routinely*.
> It won't help if a nation-state actor is targeting you *in particular*.
> But it helps immensely against dragnet surveillance.
No, it does not help much.
When a nation-state actor analyzes all the traffic on a network
connection that also happens to carry the traffic between you and
the Debian mirror you are using, HTTPS won't make a difference.
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed