[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS needs to be implemented for updating

Casper Thomsen wrote...

> On Sun, Dec 18, 2016 at 12:35 PM, datanoise <datanoise@bitjungle.info> wrote:
> > There could be https mirrors as well as non-https mirrors.
> There is https://cloudfront.debian.net which you could decide to trust.
> It doesn't *need* to be a "Debian SSL cert"; since you trust the
> mirror anyway is some regard, you could as well "just" also trust the
> mirror's certificate (and handling thereof).

Well, this creates trust for the path until (but excluding) that
particular mirror only. Can I trust the mirror? And even if, there's no
guarantee the mirror got the data through a trusted path.


Attachment: signature.asc
Description: Digital signature

Reply to: