Re: Debian mirrors and MITM

On 07/03/2014 03:08 PM, Michael Stone wrote:
> On Thu, Jul 03, 2014 at 12:46:45PM -0400, Hans-Christoph Steiner wrote:
>> Google uses SPKI pinning heavily, for example,
>> but they still use CA-signed certificates so their HTTPS works with Firefox,
>> IE, Opera, etc.
> Yes, and MS does similar. The difference is, they own their infrastructure and
> Debian relies on donations. It's a lot harder for Debian to control the
> certificates on third party machines than it is for a big company to control
> the certificates on its own machines.
> Mike Stone

This is true.  But Debian owns apt, and apt is the key piece of software that
has to talk this encrypted protocol.  It would be nice if it worked in the
browser, but that is far from a requirement.


