Re: Debian mirrors and MITM
* Hans-Christoph Steiner <hans@at.or.at> [140703 18:10]:
> You are correct that HTTPS would not entirely address #2, but it does
> improve the situation over HTTP. For example, an ISP, network operator,
> or government could block an entire mirror or all mirrors by redirecting
> requests to their own mirror which does not get updates. That would be
> transparent to the user.
- An ISP could just offer to host a mirror, thus getting the certificates
for free. All you could avoid is getting in the way of someone willfully
wasting bandwith by using a specific far away mirror.
- A goverment could likely just do the same, but with any
certificates/private keys of any mirrors near you.
- It is only "Transparent" in a very abstract sense of the word. People
know what security updates there are. Sending outdated stuff to many
people is hard to hide. So you need a targeted attack, which would
even cause more suspicion if someone realizes it.
If someone updates the packages manually detection chances are
astronomically high. If things are updated manually then a targeted
attack might as well block the traffic and also block the mails
going out about the automated update failing.
And then there is still the massive negative aspect of using https,
which any positive aspects have to trumph: If using https, people might
actually think they can just use a browser or the like to download
things and get a validated file. Which of course it is not, as so many
people can trivially inject something. An false feeling of having
security can be much worse than anything else often.
Bernhard R. Link
--
F8AC 04D5 0B9B 064B 3383 C3DA AFFC 96D1 151D FFDC
Reply to: