Re: some feedback about security from the user's point of view

[Michael Gilbert <michael.s.gilbert@gmail.com>]

On Sun, 23 Jan 2011 20:22:34 -0600 Raphael Geissert wrote:

> Michael Gilbert wrote:
> > There is no need to worry about additional load on the mirrors since
> > the only thing that needs to be verifiable are the checksums
> > themselves, and that could easily be hosted on a centralized https
> > server separate from the mirror system.
> 
> The Debian CDs and the Archive Signing keys can be found at keyring.d.o

Right, I suppose that even the checksums themselves don't need to be
served over https (as long as they're signed by an official key that
can be obtained in a secure manner; via web of trust, over https, or
otherwise).

> Additionally, the archive signing key can be found at:
> https://ftp-master.debian.org/keys.html

The problem from Naja's perspective is that the SPI cert was not issued
by a CA, and for (some) users outside the web of trust that in itself is
a non-starter.  In that sense, an official CA cert would be a modest
improvement in security (even with all of its flaws/shortcomings);
although the ideal solution would be to get the user to become a part of
the web of trust.

Best wishes,
Mike