Kurt Roeckx <k...@roeckx.be> writes: > On Fri, May 30, 2014 at 10:43:56PM +1000, Alfie John wrote: >> On Fri, May 30, 2014, at 10:24 PM, Michael Stone wrote: >> > On Fri, May 30, 2014 at 10:15:01PM +1000, Alfie John wrote: >> > >The public Debian mirrors seem like an obvious target for governments to >> > >MITM. I know that the MD5s are also published, but unless you're >> > >verifying them with third parties, what's stopping the MD5s being >> > >compromised too? >> > >> > The cryptographic signatures that are validated automatically by apt. >> >> What's stopping the attacker from serving a compromised apt? > > apt will check that the new apt is properly signed.
This entire secure artifice depends entirely on the integrity of
apt, and presumably the various libraries that it depends on.
Now I don't want to call into question the esteemed authors of said
program, and depending libraries, but I do think that providing https
mirrors gives us two distinct advantages over plain http:
. in the case that there is a bug in apt, or gpg, or something
else, having https would provide at minimum a minor set of
defense against bulk, non-targeted quantum insert and foxacid
attacks, not to mention MiTM compromises from a hostile local
network
. keeps an adversary who may be listening on the wire from
looking at what you are installing. who cares what you are
installing? well it turns out that is very interesting
information. If you can see that I've just installed X package,
and you then just look over at our security tracker and find
that this package has an exploit...
micah
pgp50ulNq1plS.pgp
Description: PGP signature
