On Sun, Jul 20, 2014, at 08:15, Wouter Verhelst wrote: > Additionally, since debian.org uses DNSSEC, if you can somehow MITM > people.debian.org then due to DANE you can MITM it for HTTP as well as > HTTPS, so forcing HTTPS really doesn't gain you much.
But that implies that the attacker has access to private keys, and in this case you are so screwed. The possibility of stolen private keys should not be argument for not implementing security. > > There are lots of attack vectors. It's not a response to a single > > attack being exploited in the wild. > > So name one? Pervasive monitoring. Really we should introduce encryption *everywhere*. O. -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1405841035.16130.143560421.61491...@webmail.messagingengine.com
