[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27437: Source downloader accepts X.509 certificate for incorrect dom

From: Leo Famulari
Subject: bug#27437: Source downloader accepts X.509 certificate for incorrect domain
Date: Thu, 22 Jun 2017 12:16:09 -0400
User-agent: Mutt/1.8.3 (2017-05-23)

On Thu, Jun 22, 2017 at 09:57:23AM +0200, Ludovic Courtès wrote:
> > Perhaps a MITM could send a huge file and fill up the disk or something
> > like that.
> I’m generally in favor of relying on X.509 certificates as little as
> possible, and in this case, while I agree that it could protect us
> against the scenario you describe, I think it’s a bit of a stretch.

Agreed, the X.509 PKI is really brittle, and so I think our current
choice is reaosnable.

It's different for `guix pull` because we don't use the full PKI, we
control most of the code involved, and we have a good relationship with
the Savannah admins. Of course, we should eventually improve `guix pull`
to verify code signatures instead.

> However, we’d very likely have bug reports of people for which downloads
> fail because of various issues in the X.509 infrastructure and/or in how
> the they set up their system (‘nss-certs’ uninstalled or too old,
> SSL_CERT_DIR unset, etc.)

Indeed, that would be super-annoying.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]