[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Encrypted repos (https/ftps)

Hi *,

On 10/10/2014 03:59 PM, Axel Beckert wrote:
Hi Kurt,

Kurt Roeckx wrote:
The issue is that our ISPs can see the names of the packages that we
download, and i don't think anybody needs to see that. With encrypted
connections this issue would be solved.
Encrypting it will not solve that.  It will only make it slightly
In don't why that should make it only slightly harder. Please explain.

With SNI only the virtual hostname is transfered unencrypted.

The only chance someone has to get an idea is by doing statistical
analysis about the traffic connection. Which should be way more
difficult if persistent connections and pipelining are used.

Additionally, perfect forward secrecy should be used, too.

Except perfect forward secrecy I would expect all of that being pretty
default as soon as HTTPS is used nowadays.

		Regards, Axel

Please see bug #750522 for the recent among some mirror admins discussing https and Debian mirrors.

Best regards,


Reply to: