Re: Debian mirrors and MITM
On Thu, Jul 03, 2014 at 12:46:45PM -0400, Hans-Christoph Steiner wrote:
Google uses SPKI pinning heavily, for example,
but they still use CA-signed certificates so their HTTPS works with Firefox,
IE, Opera, etc.
Yes, and MS does similar. The difference is, they own their
infrastructure and debian relies on donations. It's a lot harder for
debian to control the certificates on third party machines than it is
for a big company to control the certificates on its own machines.