Re: Debian mirrors and MITM

To: debian-security@lists.debian.org
Subject: Re: Debian mirrors and MITM
From: Alfie John <alfiej@fastmail.fm>
Date: Fri, 30 May 2014 23:23:15 +1000
Message-id: <[🔎] 1401456195.8866.123289337.07259C0C@webmail.messagingengine.com>
Reply-to: alfiej@fastmail.fm
In-reply-to: <[🔎] D8754EBF-3F4D-4C90-A016-CCC195E33737@vianet.ca>
References: <[🔎] 1401452101.25524.123263721.146F1AFF@webmail.messagingengine.com> <[🔎] bfad3c3a-e7f4-11e3-8753-00163eeb5320@msgid.mathom.us> <[🔎] 1401453836.31698.123277245.0BFA1590@webmail.messagingengine.com> <[🔎] f78d4218bec9db44c0d491e4318f2a41@mail.adsl.funky-badger.org> <[🔎] 1401455611.6597.123286253.5D5A44D8@webmail.messagingengine.com> <[🔎] D8754EBF-3F4D-4C90-A016-CCC195E33737@vianet.ca>

On Fri, May 30, 2014, at 11:17 PM, Reid Sutherland wrote:
> > As what I posted earlier, all you would need to do is to MITM the
> > install of APT during an install. Who cares what the signatures look
> > like since you've NOPed the checksumming code!
> 
> So OpenSSL can be flawed and nobody bats an eye, APT uses GnuPG and
> everyone (this guy) loses their mind?

Strawman much? What does bring up OpenSSL have anything to do with
Debian mirrors being MITM?

Alfie

-- 
  Alfie John
  alfiej@fastmail.fm

Reply to:

References:
- Debian mirrors and MITM
  - From: Alfie John <alfiej@fastmail.fm>
- Re: Debian mirrors and MITM
  - From: Michael Stone <mstone@debian.org>
- Re: Debian mirrors and MITM
  - From: Alfie John <alfiej@fastmail.fm>
- Re: Debian mirrors and MITM
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: Debian mirrors and MITM
  - From: Alfie John <alfiej@fastmail.fm>
- Re: Debian mirrors and MITM
  - From: Reid Sutherland <reid@vianet.ca>

Prev by Date: Re: Debian mirrors and MITM
Next by Date: Re: Debian mirrors and MITM
Previous by thread: Re: Debian mirrors and MITM
Next by thread: Re: Debian mirrors and MITM
Index(es):
- Date
- Thread