Re: Encrypted repos (https/ftps)

To: debian-mirrors@lists.debian.org
Subject: Re: Encrypted repos (https/ftps)
From: Donald Norwood <dnorwood@portalus.com>
Date: Fri, 10 Oct 2014 18:57:54 -0400
Message-id: <[🔎] 54386472.9070602@portalus.com>
In-reply-to: <[🔎] 20141010195903.GR11748@phys.ethz.ch>
References: <[🔎] 543829E8.4000000@88it.de> <[🔎] 20141010195040.GA13791@roeckx.be> <[🔎] 20141010195903.GR11748@phys.ethz.ch>

Hi *,

On 10/10/2014 03:59 PM, Axel Beckert wrote:

Hi Kurt,

Kurt Roeckx wrote:

The issue is that our ISPs can see the names of the packages that we
download, and i don't think anybody needs to see that. With encrypted
connections this issue would be solved.

Encrypting it will not solve that.  It will only make it slightly
harder.

In don't why that should make it only slightly harder. Please explain.

With SNI only the virtual hostname is transfered unencrypted.

The only chance someone has to get an idea is by doing statistical
analysis about the traffic connection. Which should be way more
difficult if persistent connections and pipelining are used.

Additionally, perfect forward secrecy should be used, too.

Except perfect forward secrecy I would expect all of that being pretty
default as soon as HTTPS is used nowadays.

		Regards, Axel

Please see bug #750522 for the recent among some mirror adminsdiscussing https and Debian mirrors.


Best regards,

Donald

Reply to:

References:
- Encrypted repos (https/ftps)
  - From: DNS <dns@88it.de>
- Re: Encrypted repos (https/ftps)
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: Encrypted repos (https/ftps)
  - From: Axel Beckert <abe@debian.org>

Prev by Date: Re: Encrypted repos (https/ftps)
Next by Date: Changing IP address ftp.kr.debian.org
Previous by thread: Re: Encrypted repos (https/ftps)
Next by thread: Re: Encrypted repos (https/ftps)
Index(es):
- Date
- Thread