15 votes

Why does apt not use https?

1 comment

  1. 666
    Link
    I've read that many times and his point about privacy still does not make any sense to me. He presents a theoretical attack to which no known exploit exists and that would only work if you either...

    I've read that many times and his point about privacy still does not make any sense to me. He presents a theoretical attack to which no known exploit exists and that would only work if you either download a single package as update (very unlikely) and the package has a significant size difference in comparison to every other package in the repository. With keep alive or, better yet, HTTP/2 his attack goes from very unlikely to impossible. Also without HTTPS the supposed attacker will know exactly what versions you are installing and that will help him easily choose his exploits. His point about not trusting CAs is just a fallacy, just because we can't trust a few of them doesn't mean we shouldn't trust any of them and we should give up on HTTPS. And finally there's one big issue that HTTPS solves and he doesn't mention: middleboxes and captive portals, I've had a middlebox break my updates because it intercepted and modified HTTP requests (it wasn't blocking them, just modifying the connection in a way that broke APT), for HTTPS requests it only inspected the SNI so it didn't break them. I want to add as a personal opinion that a little privacy and security added is better than none at all, it will at least deter most non-targeted attacks.

    5 votes