
Re: Possibly moving Debian services to a CDN

On 15.10.2013 at 15:51, Tollef Fog Heen <tfheen@err.no> wrote:

> I'm fundamentally of the opinion that if the NSA or a similar
> organisation wants to track you and is willing to expend that effort on
> tracking you in particular, there is just about nothing you can do about
> it.  As you note, we can't actually control it, just like we can't do it
> today, so the difference becomes «lots of mirrors, vulnerable to smaller
> attackers, but hard to coordinate MITM-ing» vs «fewer mirrors/CDN nodes,
> requires more effort from attackers, easier to MITM».  I don't think it
> makes that much of a difference in terms of cost if the attacker has
> that many resources and is willing to expend the effort.  It seems you
> disagree, and I don't really see us agreeing here, as it's a question of
> tradeoffs and you weigh your tradeoffs differently than I do.

Yes. As a German and activist I value privacy as a fundamental right very highly. I know that other people prefer ease of use and don't care whether their government can spy on them. As you said, it's (way too often) a trade-off each person has to choose.

>> That's a valid point of you, thanks! The use of HTTPS should be
>> encouraged, of course. How would HTTPS with a CDN work? I would
>> believe that the CDN provider will use some kind of SSL proxy or SSL
>> interception techniques. Otherwise you would have the same problems
>> with managing HTTPS with the current mirror network.
>> There are probably these possible ways: 
>> a) CDN provides an HTTPS entry point, but connects to the underlying mirror by plain HTTP. 
>> b) CDN uses DPI and SSL interception to break end-to-end encryption
> You upload your cert and key to the CDN, which then does HTTPS to the
> client.  Whether they do HTTPS to the backend or not depends on the
> CDN.  I know at least some do.

Hmmm, uploading an SSL key to a CDN seems not the right thing to me.

>> Anyway, I think the discussion about using a CDN is not about technical aspects, but it's a political debate that needs to be
>> held and finally a political decision has to be made whether Debian as a
>> Free/Libre Software project/distribution wants to use a CDN and accept
>> the risks that come with that or not.
> Right, there are technical hurdles we need to overcome.  If we can't
> overcome those in a reasonable fashion, the whole exercise becomes
> pointless.

Not quite. Even if some technical issues get solved, some general privacy issue will still stand. And in general it comes down to the question: what is freedom and how much freedom do we want?

Debian as a free software project stands for a high level of freedom, like the legendary discussions about non-free and sometimes even contrib showed. This is just a different (high) level of freedom: whether we want centralized services that have the power to control us (I'm exaggerating a little bit here ;)) or whether we want decentralized services, even if they have some minor drawbacks in ease of use?

It's basically the same question whether you want to use Windows/OSX or Linux. You can get the black boxes of Windows and OSX and have the ease of use, or you can use Linux because you value the freedom and security that comes with it. 

It's a basic question of freedom, not only a technical one. 

>> Personally I believe that using a CDN would make the life of DSA
>> easier (you wrote something in a different mail today that current CDN
>> breaks on a weekly basis. Can you elaborate this, maybe on wiki.d.o?)
>> and it might be easier for users.
> The breakage I'm seeing is from apt-get update failing on various hosts
> around the world.  It's usually fine if it's retried 5s later.  And yes,
> the goal here is to free up volunteer time as well as get a better
> experience for the end user.

Yes, I understand your motivation and partially agree with it. :-) 

I would really appreciate a pro/con page about this topic in the wiki. I think it is easier to follow the arguments on a wiki page than on a mailing list.

>> OTOH I have great privacy concerns of using a CDN. And when the
>> current mirror network will still be maintained, where's the benefit
>> for DSA and the users then at all? Having freedom of choice is always
>> good, so I'd be fine with keeping current mirror network, but having a
>> cdn.debian.org in parallel. When doing fresh installations people
>> should be made aware of privacy concerns when using the CDN (like:
>> "Using a CDN might be easier and faster for you, but Debian doesn't
>> control the CDN and cannot guarantee privacy and data protection").
> That implies we can guarantee privacy and data protection for other
> mirrors, which we can't.

Yes, partially. Contrary to using a CDN where it's privacy and data protection is at large (either it is or it is not granted), a misbehaving single mirror would only violate privacy of those using that particular mirror. 

Ciao...            //      Fon: 0381-2744150
      Ingo       \X/       http://blog.windfluechter.net

gpg pubkey:  http://www.juergensmann.de/ij_public_key.asc
