"Eugene V. Lyubimkin" <jac...@debian.org> writes:

> I'm not sure that benefits outweigh the costs. HTTPS requires that I
> trust the third-parties -- mirror provider and CA. Gpgv doesn't require
> third parties.
It's critical here that we do not drop GPG. We continue using GPG for the integrity and authentication part of package retrieval. If anyone has proposed replacing the GPG signatures, well, I completely disagree with that. The idea is to *add* HTTPS protection on top of the protections we already have.

You're correct that it doesn't give you authentication of the packages without a bunch of work, and we should assume that the general public CA system is compromised. But that actually doesn't matter much for our purposes, since the point is to greatly increase the cost of gathering data about what packages people have installed.

The value of HTTPS lies in its protection against passive snooping. Given the sad state of the public CA infrastructure, you cannot really protect against active MITM with HTTPS without certificate pinning. But that's fine; active attackers are a much, much rarer attack profile. The most likely attack, and the one we're able to protect against here, is passive observation of mirror traffic used to build a database of who is using what package and at what version. HTTPS doesn't *prevent* this, but it requires the attacker to do much more sophisticated traffic analysis, or take the *much* more expensive and *far* riskier step of moving to active interference with traffic, neither of which nation-state attackers want to do and neither of which they have the resources to do *routinely*.

It won't help if a nation-state actor is targeting you *in particular*. But it helps immensely against dragnet surveillance.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>