Jeremy Stanley <fu...@yuggoth.org> writes:

> On 2025-03-27 20:57:52 +0100 (+0100), Petter Reinholdtsen wrote:
>> [Simon Josefsson]
>> > Why does it need to encrypt data?
>>
>> To protect the users' privacy.
>>
>> > Can't we just send telemetry over https like everyone else?
>>
>> Not all popcon submissions go over https, the fallback mechanism is
>> SMTP.
>
> Also, OpenPGP encryption for the PopCon key means that you trust the
> handful of Debian project members and systems entrusted with access to
> that private key. Relying on HTTPS (SSL/TLS) means you're going to
> trust every organization who controls a CA in the root certificates
> list on your system as well as anyone/anything they might delegate
> wildcard records to (unless popularity-contest pins specific server
> certs, I haven't dug deep enough to know whether it does).
>
> Not that I personally feel like my popcon data is so highly sensitive
> that I'm worried about random governments or organized
> crime^W^Wcorporate interests snooping it, but the distinction is
> significant. PGP and TLS are not even remotely similar models
> privacy-wise.

There are many problems with WebPKI, but at least we have mechanisms
like Certificate Transparency to audit key usage of the CAs involved.
There is no comparable mechanism for PGP keys used by individuals in
Debian.  Who are the individuals who have access to this PGP private
key?  How are the keys protected?  Before such questions are answered, I
believe it can be a reasonable choice to prefer to be in the same boat
as everyone else (WebPKI) rather than jumping into another unknown boat
which may have better or worse properties.

/Simon
