
Re: Debian mirrors and MITM

On Jul 3, 2014, at 12:46 PM, Hans-Christoph Steiner <hans@at.or.at> wrote:
> SSH uses entirely unsigned keys, and it has proven a lot more reliable than
> HTTPS/TLS.  You use HTTPS/TLS keys the same way as SSH, but TLS requires
> signed keys, self-signed works.  The signatures are only worth the trust path
> behind them, and CAs have not proven to be reliable trust paths.  So if you
> can't rely on the signatures, why bother using them?  This is not just my
> opinion, but of many others.  Google uses SPKI pinning heavily, for example,
> but they still use CA-signed certificates so their HTTPS works with Firefox,
> IE, Opera, etc.

SSH is hand verified when you connect initially (thus creating a “signature”).

Are you going to hand-verify each signature / key?  And then against what?  Why not just verify the CD download once and be done with it?  If you are paranoid, build a trust relationship with a mirror that provides SSL and save their cert.

Anyway, I’m really over this.

Have a good day.
