
Re: concrete steps for improving apt downloading security and privacy

On Sat, Jul 5, 2014 at 6:14 AM, Hans-Christoph Steiner <hans@at.or.at> wrote:
> [...]
> I'm with Lou on this one,

I'm not surprised.

> there are already much bigger and better data sets
> for that.

So we should give them even more?

> According to this paper[1], Fedora 11+, Red Hat, SUSE, Google
> updates like Chrome and Android tools, Adobe AIR, Firefox, Python pypi, and
> others all use HTTPS for their updates.

Pardon me for being obnoxious, but do you really need to refer to
someone else's research[1] for that little gem?

Well, I suppose, if we were on the user list, we might assume that
some of those participating might not be using those tools, or might
not be noticing what they are downloading. In which case, it would be
nice, if you were assuming such, to provide a
page/paragraph/table/etc. number, such as

    Table 2, found in section 5, on p. 5 of

(Or of <https://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf>.
I guess the reason you gave me two links to the same paper is so that
if one is unreachable we might be able to get to the other?)

>  Debian is behind the curve here,

So we aren't fashionable?

> HTTPS for updates is becoming the norm.

Lemmings, everyone?

> Plus if the HTTPS is set up with
> "Forward Secrecy" ciphers, the keys are frequently rotated.

The MacGuffins?

But what is the Holy Grail for them? (Yeah, Holy Grails are also
MacGuffins, but keys are red herring-style MacGuffins here.)

> And on the flipside of Joel's argument, right now, the NSA tries to store as
> much encrypted data as possible.

They admit as much.

> That way when they get the key later, they
> can go back and decrypt old traffic.

Do we really think that's the only reason they store it?

> So generating more HTTPS traffic means
> they can't keep up as much.

Hmm. I wonder which they are going to have an easier time budgeting --
adding more off-line storage or adding more on-line CPUs+storage? You
do understand that emulating distribution networks takes CPUs?

> But this is probably not really important in this
> case since they would probably notice that the sites are mirrors and ignore
> the traffic.


> .hc
> [1] http://freehaven.net/~arma/tuf-ccs2010.pdf  or
> https://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf

Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.
