Re: Debian mirrors and MITM

To: debian-security@lists.debian.org
Subject: Re: Debian mirrors and MITM
From: Hans-Christoph Steiner <hans@at.or.at>
Date: Thu, 03 Jul 2014 15:35:12 -0400
Message-id: <[🔎] 53B5B070.1060503@at.or.at>
In-reply-to: <[🔎] 44a67e28-02e5-11e4-943d-00163eeb5320@msgid.mathom.us>
References: <bfad3c3a-e7f4-11e3-8753-00163eeb5320@msgid.mathom.us> <1401453836.31698.123277245.0BFA1590@webmail.messagingengine.com> <20140530131107.GA7435@roeckx.be> <87bnuf744x.fsf@muck.riseup.net> <[🔎] 476000FE-7A7D-4DAB-B344-A928EF9E3F02@at.or.at> <[🔎] e4cb4f22-02c8-11e4-904c-00163eeb5320@msgid.mathom.us> <[🔎] F3C70EC9-E2E9-48CA-87D9-7CE3F82967BB@at.or.at> <[🔎] CD4E3945-532A-4DAD-9CFA-4742DFDCF4A0@at.or.at> <[🔎] 8EB7DF12-C21B-4A86-A71E-79F4DC0E4003@vianet.ca> <[🔎] 53B588F5.7060606@at.or.at> <[🔎] 44a67e28-02e5-11e4-943d-00163eeb5320@msgid.mathom.us>


On 07/03/2014 03:08 PM, Michael Stone wrote:
> On Thu, Jul 03, 2014 at 12:46:45PM -0400, Hans-Christoph Steiner wrote:
>> Google uses SPKI pinning heavily, for example,
>> but they still use CA-signed certificates so their HTTPS works with Firefox,
>> IE, Opera, etc.
> 
> Yes, and MS does similar. The difference is, they own their infrastructure and
> debian relies on donations. It's a lot harder for debian to control the
> certificates on third party machines than it is for a big company to control
> the certificates on its own machines.
> 
> Mike Stone

This is true.  But Debian owns apt, and apt is the key piece of software that
has to talk this encrypted protocol.  It would be nice if it worked in the
browser, but that is far from a requirement.

.hc

Reply to:

References:
- Re: Debian mirrors and MITM
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: Debian mirrors and MITM
  - From: Michael Stone <mstone@debian.org>
- Re: Debian mirrors and MITM
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: Debian mirrors and MITM
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: Debian mirrors and MITM
  - From: Reid Sutherland <reid@vianet.ca>
- Re: Debian mirrors and MITM
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: Debian mirrors and MITM
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: Debian mirrors and MITM
Next by Date: Re: Debian mirrors and MITM
Previous by thread: Re: Debian mirrors and MITM
Next by thread: Re: Debian mirrors and MITM
Index(es):
- Date
- Thread