> > I have very limited trust in the CAs. > So do I. It is actually not the point. Either we consider them useless, in which case we should refuse to use them and oppose them because they provide a false sense of security. We should then think of alternatives.
If we consider them still a bit more secure than plain http, we should use them, without getting naive and thinking that they do wonders and without stopping to still think of alternatives. The actual exact level of trust we have in them is quite irrelevant in that sense. To just elaborate briefly on it: If I use *http*, anyone, anywhere even on my LAN, going upwards all the way through the internet all the way to the download site, could mess with my downloads. Anyone, without special clearances, courtorders, connections etc. All they need is access to a router, server, wifi network or lan or actually just cable that i am communicating through. They don't even need to be very skilled, because there is plenty of software out there to do MITM attacks readymade. They don't even need to mount a collision attack in md5, because they could just change the checksums file to send me another hash. It couldn't be simpler actually. If I use *https*, like when i downloaded fedora yesterday, then the weakest link was fedora's https. So anyone managing to crack that would be able to send me whatever they want basically. If we just omit the very real life risks of poor server implementations and poor security attitudes of people using https for a moment, coming to the trust of CA's, than basically it is conceivable that a government or a big economical power for my part manages to obtain a false certificate from the root CA. It is hard to assess this risk without being either naive or paranoid because we know very litte about the CA's, but I think that realistically speaking it would come down to either getting a court order, which probably needs a specific investigation etc, which becomes a rather far fetched risk when it comes down to downloading an operatiing system. Or it comes down to stealing the private key of the CA without them finding out, which is difficult to assess, we can only hope that CA's and the auditors do some effort to make that hard to very hard. Or it comes down to having the CA giving out false certificates which means they are completely betraying all their users, their policy and lying about it, because at least Go Daddy and Verisign claim that they never even had such a request<http://www.wired.com/threatlevel/2010/03/packet-forensics/>by a law enforcement agency. All in all, I don't trust CA's, but if I realistically assess the difference in difficulty of sending me tampered with stuff over http or https, and the number of people having the means of doing so, I would say there is a big, very big difference between the two. For those who now start to write me to ask me how much i trust the people on my LAN, I can assure you that I have tightly wrapped them in tin foil, so I should be fine. > Personally I have a higher trust in what Debian is shipping > because I know how things work in Debian and I've met all > the people involved and probably signed their keys myself. > That is not the case for the uttermost part of the population on this globe. The rest of us, if we care at all, have to form our opinion from what is publicly visible, like what is on the website, and the attitude in mailinglists like this. > So I think your problems are: > - The main website doesn't have https (because it's mirrored) > - You don't trust our CA because your browser/OS doesn't have it. > - The instructions to verify things might need to be updated. > My main problem is that by what is on the website and in this thread, I cannot find any practically achievable way of obtaining debian with any security level any higher than that of plain http. I don't quite see how changing the instructions to verify would alleviate that problem. On those instructions, I do have two remarks though. 1. They are in my opinion not comprehensible for a non geek user. I think here also it might be worth having a look at the fedora website <https://fedoraproject.org/en/verify>because it seems they are doing a better job. It is still not perfect, but the instructions are more accessible. 2. On the security level, I do think that the debian instructions give a false notion of security because they don't give an assessment of security for the reader, they just give the impression that they allow the user to verify the download, which related to malicious intent actually is wrong. To spot this, the reader must know that md5 is insecure, and that the proposed manner of obtaining the debian key is actually not secure. Any reader that is capable of executing the instructions, but not knowledgeable enough to see these two dangers might be led to believe that they have actually safely verified their download where in fact they have not. It is my sincere conviction that given the importance and lack of comprehension of computer security every page like the verification instructions which is related to security should clearly and in an accessible way describe its context, it's aim and limitations or vulnerabilities considering security. If the author of such instructions would be forced to justify say md5, I am quite confident that md5 would instantly be scrapped and replaced by better algorithm and we would instantly already have better and safer instructions. Furthermore it would prevent false sense of security and have an educational value as well as the added benefit that people using security mechanisms would also understand them much more often. I rest my case, greetz, naja melan
