public inbox for [email protected]
help / color / mirror / Atom feedFrom: Magnus Hagander <[email protected]>
To: Thomas Mayer <[email protected]>
Cc: pgsql-docs <[email protected]>
Subject: Re: .deb signing key insecure against MitM
Date: Mon, 7 Mar 2016 16:06:09 +0100
Message-ID: <CABUevEwS3ZzWLtmWTG=TNqs91sLy2efbaap5wrBbDg8Qf9Yn2w@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-docs>
On Mon, Mar 7, 2016 at 4:03 PM, Thomas Mayer <[email protected]>
wrote:
> I just visited http://www.postgresql.org/download/linux/debian/ and my
> impression is that the way the signing key is published is not secured
> against wrong origin or manipulation by a man in the middle (MitM) attacker.
>
> Meaning, that if a MitM attacker can compromise downloads, he or she is
> also able to compromise the documentation site including the source of the
> signing key, e.g. by publishing the attacker's signing key to the user.
> Debian's apt-get will not complain if everything fits together.
>
> Therefore, I suggest that the whole page should be TLS secured
> (HTTPS-only), not because of encryption but to ensure origin and integrity
> of the signing key.
>
Work is under way to make the entire website available under https only.
It's blocked behind some other work at this point, but once we get there,
it should make this situation a lot better.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
view thread (2+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: .deb signing key insecure against MitM
In-Reply-To: <CABUevEwS3ZzWLtmWTG=TNqs91sLy2efbaap5wrBbDg8Qf9Yn2w@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox