林博仁 wrote... > I believe that there's no benefit on accessing Debian archive with HTTPS as > they uses GnuPG for authentication GnuPG indeed serves the purposes of authenticity and integrity very well. Modulo bugs every now and then, but they happen on other layers as well. Also, nobody should rely on the privacy in this case since the server content is public and the clients have a fairly simple access pattern. Decoding the transfers from this isn't trival but seems doable with some effort - one day I'll write a prove of concept for this. There is however a reason for https, a sad one though: Braindead "security" applicances that do deep packet inspection and might reject the download of packages. Christoph
Attachment:
signature.asc
Description: Digital signature