Re: Debian mirrors and MITM
On Fri, May 30, 2014 at 11:50:32PM +1000, Alfie John wrote:
Several times (public and private) I tried to explain how the download
of APT (the binary itself) on an initial Debian install could be
compromised via MITM since it's over plaintext. Then the verification of
packages could simply be skipped (hence NOP). I'm not sure why you're
bringing libc and libgpg into the conversation.
You were given a solution which is cryptographically sound and with a
verifiable trust path, and you're rejecting it because you simply don't
like it and would rather see a different solution with a weaker trust
path. I'm not sure why you're continuing this argument.
If you want to engage in a serious discussion about enhancing the
current implementation or adding additional options, I'd suggest that
you first study how the current implementation works, why it was
implemented the way it was, the constraints inherent in the distributed
mirror model, etc.