* Fernando Lemos: > 1. Man-in-the-middle attacks between clients and security update servers > 2. Denial-of-service attacks to the security updates infrastructure > 3. No trusted servers for security updates for testing and unstable > > Using HTTPS for the security update infrastructure could solve #1,
Not really, because the mirrors are already middlemen, so encrypting the transport to them doesn't change much. > Now if we had a timestamp in the root metadata updated on a daily > basis, that would solve #1 and #3 Actually, it wouldn't because we do not provide a secure time source. pool.ntp.org faces the same theoretical issues as our mirror network. You'd have to fetch the root metadata from a trusted server over something like HTTPS (that is, something with authentication and a challange-response component built in). -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87631wy335....@mid.deneb.enyo.de