林博仁 wrote... > I believe that there's no benefit on accessing Debian archive with HTTPS as > they uses GnuPG for authentication
GnuPG indeed serves the purposes of authenticity and integrity very
well. Modulo bugs every now and then, but they happen on other layers as
well.
Also, nobody should rely on the privacy in this case since the server
content is public and the clients have a fairly simple access pattern.
Decoding the transfers from this isn't trival but seems doable with some
effort - one day I'll write a prove of concept for this.
There is however a reason for https, a sad one though: Braindead
"security" applicances that do deep packet inspection and might reject
the download of packages.
Christoph
signature.asc
Description: Digital signature
