Re: No port 443 (https) available at "security.debian.org"-repository

2017-08-04 Thread Ondřej Surý
CAA record is meant to be consumed by CA, not by end-users, thus it doesn't provide much protection. O. -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC)

Re: No port 443 (https) available at "security.debian.org"-repository

2017-07-25 Thread James Bromberger
On 26/07/2017 6:20 AM, Adam Borowski wrote: > https provides no protection against targetted attacks by government agents. > The CA cartel model consists of 400+ CAs, many of them outright controlled > by governments, most of the rest doing what they're told (no, warrants are > are a story for

Re: No port 443 (https) available at "security.debian.org"-repository

2017-07-25 Thread Adam Borowski
On Wed, Jul 26, 2017 at 07:01:36AM +0800, James Bromberger wrote: > On 26/07/2017 6:20 AM, Adam Borowski wrote: > > https provides no protection against targetted attacks by government > > agents. > > The CA cartel model consists of 400+ CAs, many of them outright controlled > > by governments,

Re: No port 443 (https) available at "security.debian.org"-repository

2017-07-25 Thread Adam Borowski
On Tue, Jul 25, 2017 at 09:56:41PM +0100, Chris Lamb wrote: > > your repositories on "debian.org" (especially "http://security.debian.org/; > > !!) are not! > > The files are cryptographically signed which guarantees > they haven't been tampered with in transit (modulo replay > attacks which are

Re: No port 443 (https) available at "security.debian.org"-repository

2017-07-25 Thread Peter Palfrader
On Tue, 25 Jul 2017, Chris Lamb wrote: > Zeiha, > > > your repositories on "debian.org" (especially "http://security.debian.org/; > > !!) are not! > In short, there's no need for SSL. Please see > for the technical details. > We still want to provide this

Re: No port 443 (https) available at "security.debian.org"-repository

2017-07-25 Thread Chris Lamb
Zeiha, > your repositories on "debian.org" (especially "http://security.debian.org/; > !!) are not! This has been brought up many times on many lists; please see/search the archives in future. The files are cryptographically signed which guarantees they haven't been tampered with in transit

No port 443 (https) available at "security.debian.org"-repository

2017-07-25 Thread Zei Ha gmx.net
Dear Madams, dear Sirs, quite all web-pages of "debian.org" (even the "forums") are available through secure-http (https, port 443), but your repositories on "debian.org" (especially "http://security.debian.org/; !!) are not! Why?? Beside vulnerabilities in "apt", it is not less important, that