Hi Russ, Kristian, On 24.10.2016 07:19, Kristian Erik Hermansen wrote: > On Sun, Oct 23, 2016 at 7:28 PM, Russ Allbery <r...@debian.org> wrote: >> The idea is to *add* HTTPS protection on top of the protections we already >> have. You're correct that it doesn't give you authentication of the >> packages without a bunch of work, and we should assume that the general >> public CA system is compromised. But that actually doesn't matter much >> for our purposes, since the point is to greatly increase the cost of >> gathering data about what packages people have installed. >> >> The value of HTTPS lies in its protection against passive snooping. Given > > Exactly! Much better said than how I originally phrased these issues. > >> what package and at what version. HTTPS doesn't *prevent* this, but it >> requires the attacker to do much more sophisticated traffic analysis, or >> take the *much* more expensive and *far* riskier step of moving to active >> interference with traffic, neither of which nation-state attackers want to >> do and neither of which they have the resources to do *routinely*. >> >> It won't help if a nation-state actor is targeting you *in particular*. >> But it helps immensely against dragnet surveillance. > > Again, exactly right and well stated. We can never stop targeted > attacks, but we can make passive data collection more expensive and > increase the chances that a targeted attack is detected.
Yes, thank you for explanations, I now get the point of improving more confidentiality than integrity here, and warding off most of passive data gatherers.