Re: SSL for debian.org/security?

To: debian-security@lists.debian.org
Subject: Re: SSL for debian.org/security?
From: Volker Birk <vb@pibit.ch>
Date: Tue, 29 Oct 2013 05:10:18 +0100
Message-id: <[🔎] 20131029041017.GA497@dingens.org>
In-reply-to: <[🔎] CAAy1gkeUt_jr0uDt0B=HdnAZnmmHDqygrwgYg4dU7X9zjVUrSA@mail.gmail.com>
References: <[🔎] CAAy1gkeUt_jr0uDt0B=HdnAZnmmHDqygrwgYg4dU7X9zjVUrSA@mail.gmail.com>

On Mon, Oct 28, 2013 at 09:31:35PM -0400, Mark Haase wrote:
> It's a bit ironic that the Debian security site doesn't offer SSL, right?
> If an attacker can MITM an organization that uses Debian, then they can
> MITM the Debian security page and control what security bulletins that
> organization can access.

BTW: if the NSA take one single trusted CA (and they did for sure),
HTTPS is b0rken for each site.

Yours,
VB.
-- 
Volker Birk
Oberer Graben 4, 8400 Winterthur, Schweiz
mailto:vb@dingens.org  http://fdik.org

Attachment: pgp8K4_xoeUyD.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: SSL for debian.org/security?
  - From: Vipul Agarwal <vipul@nuttygeeks.com>

References:
- SSL for debian.org/security?
  - From: Mark Haase <mark.haase@lunarline.com>

Prev by Date: Re: SSL for debian.org/security?
Next by Date: Re: SSL for debian.org/security?
Previous by thread: Re: SSL for debian.org/security?
Next by thread: Re: SSL for debian.org/security?
Index(es):
- Date
- Thread