bug#27437: Source downloader accepts X.509 certificate for incorrect dom
From: Leo Famulari
Subject: bug#27437: Source downloader accepts X.509 certificate for incorrect domain
Date: Thu, 22 Jun 2017 12:16:09 -0400
User-agent: Mutt/1.8.3 (2017-05-23)
On Thu, Jun 22, 2017 at 09:57:23AM +0200, Ludovic Courtès wrote:
> > Perhaps a MITM could send a huge file and fill up the disk or something
> > like that.
>
> I’m generally in favor of relying on X.509 certificates as little as
> possible, and in this case, while I agree that it could protect us
> against the scenario you describe, I think it’s a bit of a stretch.
Agreed, the X.509 PKI is really brittle, and so I think our current
choice is reasonable.
It's different for `guix pull` because we don't use the full PKI, we
control most of the code involved, and we have a good relationship with
the Savannah admins. Of course, we should eventually improve `guix pull`
to verify code signatures instead.
> However, we’d very likely have bug reports of people for which downloads
> fail because of various issues in the X.509 infrastructure and/or in how
> they set up their system (‘nss-certs’ uninstalled or too old,
> SSL_CERT_DIR unset, etc.)
Indeed, that would be super-annoying.