Op zondag 20 juli 2014 11:06:00 schreef Tim Retout: > On 20 July 2014 10:07, Wouter Verhelst <w...@uter.be> wrote: > > With the state of the CA cartel these days, I have little > > trust in the strength of HTTPS as a verification mechanism, and so I > > wouldn't trust a file to be correct even if it came through an HTTPS > > connection that validates. Instead, I would only trust such a file if it > > came with a GPG signature from a key that is in the Debian keyring. > > Good, because that's not what HTTPS does for you. It makes it more > difficult to watch exactly what you're accessing. > > Suppose for example I uploaded a preseed file to people.debian.org > that created a Tor relay, and a suitably large government agency > wanted to see all the IP addresses installing it. With HTTP, they > just break into the internet backbone at an appropriate point, and log > every request for that file in a *completely undetectable manner*. > With HTTPS, they either need to break into the machine running > people.debian.org, or start presenting a different SSL certificate - > both things which can potentially be detected. > > Another situation is if a dissident accesses people.debian.org via > Tor. With HTTP, the operator of the exit node they are using could > MITM the request and tamper with the file - no state intervention > required. If it's a web page, they could potentially attempt to > exploit the browser.
These are all good arguments for enabling HTTPS and making it the default (which I've said repeatedly is a move that I support, or at the very least don't oppose), but not for *disabling* the possibility of plain HTTP. "There might be a reason why a user would want to use encryption" does not negate "there might be a reason why a user would *not* want to use encryption". I'm claiming the reasons as in the latter exist; one (and not the least) of which is that downloading files off people.debian.org from d-i preseeding happens today, is a valid use of that service, and cannot be done if HTTP is disabled. If you think there aren't such valid reasons, you either need to show me why my claim is wrong, or why the costs to doing so outweigh the benefits. So far I haven't seen anyone do that. [...] -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1716734.flo03rq...@grep.be
