Re: concrete steps for improving apt downloading security and privacy

To: Andrea Zwirner <andrea@linkspirit.org>
Cc: debian-security@lists.debian.org
Subject: Re: concrete steps for improving apt downloading security and privacy
From: Pedro Worcel <pedro@worcel.com>
Date: Thu, 10 Jul 2014 01:42:59 -0800
Message-id: <[🔎] CAPS+U9-NWMAKgB30P6VzA63wgPBG+-nNrAxO4nTBGyGktkay6g@mail.gmail.com>
In-reply-to: <[🔎] 20140707221335.7d759c5a7898817f0ed1dde5@linkspirit.org>
References: <[🔎] 53B6150A.3000602@at.or.at> <[🔎] CAAr43iOTxVcCGyh5+d4VA43279Np6cKm9=4sQ-wL0A1v8J5oOA@mail.gmail.com> <[🔎] 53B6CBAE.4040602@louruppert.com> <[🔎] CAAr43iOtff6hdoy7ES4Pv2JPJCW5zvEUkfCGpkhRK_N2e+1yuw@mail.gmail.com> <[🔎] 53BA0685.9050303@louruppert.com> <[🔎] CAAr43iMdc=B7aW8eOAszJaFiz8msVMaz8Aw9P4ZzPvkQbjPtsg@mail.gmail.com> <[🔎] 20140707221335.7d759c5a7898817f0ed1dde5@linkspirit.org>

2014-07-07 12:13 GMT-08:00 Andrea Zwirner <andrea@linkspirit.org>:

Can you proof it?

Or maybe, you can tell the list what the attached image - that is
encrypted with Moritz Muehlenhoff's and Florian Weimer's public keys -
represent?

Cheers (and thanks Mr. Moritz and Mr. Florian - who were the only I had
in my keyring - to accept being the judges of the challenge). :-)

I am very new with crypto, but

I do not think he will be able to prove it with cryptography such as is used in modern browsers, maybe in ECB mode as described here: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic%20codebook%20%28ECB%29

HTTPs hardly solves any problem with state-level monitoring, I don't think, after all, CAs can be compelled to produce certs, or even compromised (e.g. http://googleonlinesecurity.blogspot.co.nz/2014/07/maintaining-digital-certificate-security.html )

Implementing cert pinning OTOH, that might be better.

Reply to:

References:
- concrete steps for improving apt downloading security and privacy
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Joel Rees <joel.rees@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Lou RUPPERT <himself@louruppert.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Joel Rees <joel.rees@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Lou RUPPERT <himself@louruppert.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Joel Rees <joel.rees@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Andrea Zwirner <andrea@linkspirit.org>

Prev by Date: Re: concrete steps for improving apt downloading security and privacy
Next by Date: Re: concrete steps for improving apt downloading security and privacy
Previous by thread: Re: concrete steps for improving apt downloading security and privacy
Next by thread: Re: concrete steps for improving apt downloading security and privacy
Index(es):
- Date
- Thread