Re: How to download over https

To: debian-user@lists.debian.org
Subject: Re: How to download over https
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
Date: Thu, 16 Jun 2016 19:48:40 +0200
Message-id: <[🔎] 5762E678.8040007@plouf.fr.eu.org>
In-reply-to: <[🔎] slrnnm5ka8.6b8.dan@xps-linux.djph.net>
References: <[🔎] 7927102.VQkD3l6WS7@tecra> <[🔎] slrnnm5ka8.6b8.dan@xps-linux.djph.net>

Le 16/06/2016 18:18, Dan Purgert a écrit :
1)

So, the fact that HTTPS doesn't ~actually~ provide you with any security
when a "malicious party" has root accesss to the webserver,

AND that it
adds overhead to the transmission


Does it really add network overhead of just CPU overhead on the server ?

2)

Given that "debian" is the "well-trusted" party in this instance, their
providing of both

  - their public signing key, AND
  - the *.iso MD5 and/or SHA checksum(s)

on a HTTPS-secured webpage will suffice the conditions of "creating
trust" for most people.


1) and 2) sound contradictory to me.

Reply to:

Follow-Ups:
- Re: How to download over https
  - From: Dan Purgert <dan@djph.net>

References:
- How to download over https
  - From: matthew <matthew@mdavis.xyz>
- Re: How to download over https
  - From: Dan Purgert <dan@djph.net>

Prev by Date: Re: Missing signatures for installer checksums
Next by Date: Re: error trying to launch the first firefox window on Debian Jessie
Previous by thread: Re: How to download over https
Next by thread: Re: How to download over https
Index(es):
- Date
- Thread