Re: No port 443 (https) available at "security.debian.org"-repository

On 26/07/2017 6:20 AM, Adam Borowski wrote:
https provides no protection against targeted attacks by government agents.
The CA cartel model consists of 400+ CAs, many of them outright controlled
by governments, most of the rest doing what they're told (no, warrants
are a story for nice kids).  Clients in general trust _any_ CA, which means
you're only as secure as the worst CA.  I.e., https protects you against Joe
Script Kiddie but not against a capable opponent.


Except there are new-ish ways to limit the scope from 400+ CAs to just the one you use.
cf.
Certification Authority Authorization (CAA) DNS Resource
https://tools.ietf.org/html/rfc6844

... if APT wishes to support this.
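To make concrete what the CAA mechanism referred to above actually decides, here is an added example (not code from this thread or from APT): a small Python evaluator that applies the RFC 6844 lookup rules to constructed zone data with hypothetical names, standing in for real DNS answers so it runs offline.

```python
"""Evaluate DNS CAA records (RFC 6844) for a hostname, offline.

Constructed zone data (hypothetical names) replaces resolver answers.
"""
from dataclasses import dataclass

ISSUER_CRITICAL = 128   # flag bit 7: unknown property must be understood
KNOWN_TAGS = ("issue", "issuewild", "iodef")


@dataclass(frozen=True)
class CAA:
    flags: int   # e.g. 0 or ISSUER_CRITICAL
    tag: str     # "issue", "issuewild" or "iodef"
    value: str   # CA domain, optionally ";k=v" params; ";" alone = no CA


# Constructed zone: one CA may issue for example.org and every name below it;
# wildcard certificates are forbidden outright.
ZONE = {
    "example.org": [CAA(0, "issue", "ca.example.net"),
                    CAA(0, "issuewild", ";")],
    "mirror.example.org": [],   # no CAA RRset here: parent's records apply
}


def relevant_rrset(name, zone=ZONE):
    """RFC 6844 section 4: climb from name toward the root until a CAA RRset exists."""
    labels = name.lower().rstrip(".").split(".")
    while labels:
        rrset = zone.get(".".join(labels), [])
        if rrset:
            return rrset
        labels.pop(0)
    return []


def ca_may_issue(name, ca_domain, wildcard=False, zone=ZONE):
    """True if ca_domain is authorised to issue for name (CAA is opt-in:
    no relevant RRset, or no issue/issuewild property, means no restriction)."""
    rrset = relevant_rrset(name, zone)
    if not rrset:
        return True
    # A critical property the evaluator does not understand forbids issuance.
    if any(r.flags & ISSUER_CRITICAL and r.tag not in KNOWN_TAGS for r in rrset):
        return False
    # issuewild governs wildcard requests when present; otherwise issue applies.
    tag = "issuewild" if wildcard and any(r.tag == "issuewild" for r in rrset) else "issue"
    allowed = [r.value.split(";")[0].strip().lower() for r in rrset if r.tag == tag]
    if not allowed:
        return True
    return ca_domain.lower() in allowed   # ";" yields "" and so matches no CA
```

CAA is checked by the CA at issuance time, not by the client at connection time, so it narrows who can issue a certificate for a name but does not by itself make a client reject a mis-issued one. RFC 8659 later revised the tree-climbing and CNAME handling of RFC 6844; the climb shown here is the original, simpler rule.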
