On 8/20/21 4:56 PM, Russ Allbery wrote: > Jeremy Stanley <fu...@yuggoth.org> writes: > >> I agree with all of the above, my point was that the current state of >> HTTPS doesn't especially improve integrity for Debian package management >> over the signed indices and checksums we already rely on, and trying to >> use HTTPS for privacy/secrecy (which isn't really what it was designed >> for) is still and perhaps even increasingly misguided. Of course lots of >> people will continue to expect magic HTTPS fairy dust to protect them >> and ward off evil, but the only legitimate reason I can see for Debian >> changing the default protocol for sources.list entries is to avoid >> having to pointlessly debate the minimal benefits of HTTPS with people >> who drink whatever cool-aid they're told by security "experts" (HTTP >> bad, HTTPS good, drink up!). > > Do you think using HTTPS makes security worse?
Doing an update over Tor would be a much nicer improvement (so that nobody can tell what package you didn't upgrade yet...). > Personally, I think we should switch our default to HTTPS not because we > have a specific security flaw in mind against which HTTPS provides some > protection but because it's consistent with the general message that a lot > of us (including, for example, the EFF and the IETF) are trying to send to > average users who don't have the expertise to analyze any of this: use TLS > by default wherever you can. It's not a panacea, but ubiquitous, default > use of TLS helps both your security and your privacy compared to either > the previous default of no TLS or spending a bunch of mental energy > picking and choosing. > IMO, it's consistent with blindly trusting HTTPS which isn't helping much here (especially compared to Tor), and if we want to promote something, that'd be Tor, not the blindly trusted bunch of CAs... Cheers, Thomas Goirand (zigo)
