Kurt Roeckx <k...@roeckx.be> writes:

> On Fri, May 30, 2014 at 10:43:56PM +1000, Alfie John wrote:
>> On Fri, May 30, 2014, at 10:24 PM, Michael Stone wrote:
>> > On Fri, May 30, 2014 at 10:15:01PM +1000, Alfie John wrote:
>> > >The public Debian mirrors seem like an obvious target for governments to
>> > >MITM. I know that the MD5s are also published, but unless you're
>> > >verifying them with third parties, what's stopping the MD5s being
>> > >compromised too?
>> >
>> > The cryptographic signatures that are validated automatically by apt.
>>
>> What's stopping the attacker from serving a compromised apt?
>
> apt will check that the new apt is properly signed.

This entire secure artifice depends entirely on the integrity of apt, and presumably the various libraries that it depends on. Now I don't want to call into question the esteemed authors of said program, and depending libraries, but I do think that providing https mirrors gives us two distinct advantages over plain http:

. in the case that there is a bug in apt, or gpg, or something else, having https would provide at minimum a minor set of defense against bulk, non-targeted quantum insert and foxacid attacks, not to mention MiTM compromises from a hostile local network

. keeps an adversary who may be listening on the wire from looking at what you are installing. Who cares what you are installing? Well, it turns out that is very interesting information. If you can see that I've just installed X package, and you then just look over at our security tracker and find that this package has an exploit...

micah