[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Encrypted repos (https/ftps)

Hi Kurt,

Kurt Roeckx wrote:
> > The issue is that our ISPs can see the names of the packages that we
> > download, and i don't think anybody needs to see that. With encrypted
> > connections this issue would be solved.
> Encrypting it will not solve that.  It will only make it slightly
> harder.

In don't why that should make it only slightly harder. Please explain.

With SNI only the virtual hostname is transfered unencrypted.

The only chance someone has to get an idea is by doing statistical
analysis about the traffic connection. Which should be way more
difficult if persistent connections and pipelining are used.

Additionally, perfect forward secrecy should be used, too.

Except perfect forward secrecy I would expect all of that being pretty
default as soon as HTTPS is used nowadays.

		Regards, Axel
 ,''`.  |  Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5

Reply to: