On Fri, May 30, 2014 at 10:43:56PM +1000, Alfie John wrote: > On Fri, May 30, 2014, at 10:24 PM, Michael Stone wrote: > > On Fri, May 30, 2014 at 10:15:01PM +1000, Alfie John wrote: > > >The public Debian mirrors seem like an obvious target for governments to > > >MITM. I know that the MD5s are also published, but unless you're > > >verifying them with third parties, what's stopping the MD5s being > > >compromised too? > > > > The cryptographic signatures that are validated automatically by apt. > > What's stopping the attacker from serving a compromised apt?
apt will check that the new apt is properly signed. During instalation there will be a package installed called debian-archive-keyring, and that is used to verify other things you download. So really the question is how you can be sure that the initial file that you downloaded are authentic and and contain the real key. And it depends on what you use as medium to do your installlation. For instance if you download a CD image, there are also files with the MD5/SHA1/SHA256. There is also a signed file there that you can use to verify that the hashes haven't been modified. So the question becomes if you have a trust path to who signed those files or not, which might not be the case for most people. Having this on a random website with HTTPS doesn't add anything to verify that the files you're downloading are the real ones or not, it doesn't give you an alternative trust path. That mirror might not have verified that the files haven't been tampered with, it might be compromised, it might be doing the attack itself. Having the mirrors do HTTPS doesn't solve your problem of having trust in the initial thing you download. So I basicly see 2 solutions: - The part that needs to be trusted needs to be downloaded over HTTPS from a debian.org host. I'm not sure cdimage.debian.org can offer HTTPS for everything. But maybe the files with the hashes alone can be enough? - Instead of using PGP to sign something we (also) use X509 certificates to sign something. But I don't know how easy it would be for people to actually verify that. Kurt -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140530131107.ga7...@roeckx.be