[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS metadata in Mirrors.masterlist?

On Thu, 06 Apr 2017, Axel Beckert wrote:
  SSL certificate for ftp*.*.debian.org or similar.

On 09.04.17 09:38, Peter Palfrader wrote:
That's not how wildcards work.

true. to provide more details:

wildcard in certificate applied for one level in domain name, thus
*.debian.org will apply for sk.debian.org, but not ftp.sk.debian.org.

Even if it did - break into one server would mean it has to be replaced on all
servers - the false sense of security would be created.

using https would require all mirror admins to have their own certificates.
Not even mentioning redirecting from one server to another.

There's no sane way of doing certificates when the debian mirror network
consists of volunteers.

Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.

Reply to: