[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian mirrors and MITM

On Fri, May 30, 2014 at 09:43:47PM +0200, Erwan David wrote:
Note that at least debian.org DNS is segned by DNSSEC and DANE is used,
which allows to check that the certificate used by a debian.org site is
the real one.

We're not at the point where that can be relied on in the real world. There are still resolvers that filter out DNSSEC records. (Sad, but true.)

Mike Stone

Reply to: