Important APT security update - please read the instructions to upgrade APT safely https://www.debian.org/security/2019/dsa-4371
@debian Ouch. I wondered why Debian wasn't using HTTPS. Any plans to do so now, in the light of this vulnerability?
@wizzwizz4 Debian already supports https. But TLS certificates depend on CAs, and most of them aren't trustworthy. Unless you use DANE/HPKP, don't expect https to *prevent* MITM attacks.
@devnull Fair point. However, loads of CAs are trusted by default for _everything else_, and it's better to pile on extra layers so an attacker will need to break _all_ of them.
@wizzwizz4 That's a huge problem. CAs shouldn't be trusted, because they don't give a crap about security. They're only for profit.
More software needs to support DANE, and more admins need to learn how to configure DANE and HPKP properly.
1. Let's Encrypt.
2. It helps to prevent attackers from easily utilising a vulnerability in one layer of mitigation.
Yeah, it's not perfect. But yes, it's better than nothing. HTTPS + DANE is better than HTTPS + CAs, but HTTPS + DANE + CAs is even better. And @debian doesn't have DANE yet, anyway!
@wizzwizz4 CAs don't certify that websites are trustworthy, or that admins are who they claim to be. CAs aren't a criterion for deciding whether we should trust a server or not. Trust level should never depend on whether a server uses a self-signed certificate or a CA-signed one.
All CAs do is make every certificate they sign trusted by clients that trust the signing CA. That doesn't mean they add extra security to HTTPS.
@devnull CAs are simply a method for sites to authenticate themselves – and a weak method at that. You're right in saying that CAs offer no advantage when DANE is around.