On 16/05/15 08:36, Jim Perrin wrote:
> On 05/15/2015 02:49 PM, Matthew Miller wrote:
>> On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote:
>>> What are the plans for the CentOS repos with respect to authentication and https everywhere? At the moment it is a trivial exercise to perform a MTM attack during a yum update over http.
>> Since the packages themselves are signed, what risk are you concerned about?
> Not only are the packages signed, but we're now offering signed repository metadata as well.
> HTTPS is an incremental improvement, but is by no means a silver bullet. Look at the Superfish fiasco if anyone thinks otherwise.
> The other side to this is many people update from outside .centos.org. Whose cert would you use for mirrors.kernel.org/centos/7/os/x86_64/ for example?
Agreed, MITM isn't a great problem as the packages are signed.
People monitoring your connection know what you've updated, and what you haven't, thus knowing what you may be vulnerable to, is a problem. But quite arguably not as great a problem as a MITM attack.
Pete.
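
The three properties discussed in this thread (package signatures, signed repository metadata, and cleartext transport) can be checked per repository in yum `.repo` files. The following is an added example, not part of the original thread or of CentOS tooling; the sample repo content and hostnames are constructed, and the fallback defaults (both checks off unless set) are an assumption that can be overridden with the `[main]` values from `yum.conf`.

```python
import configparser

TRUE = {"1", "yes", "true", "on"}

# Constructed sample .repo content (hostnames are placeholders).
SAMPLE_REPO = """\
[base]
name=CentOS-7 - Base
baseurl=http://mirror.example.org/centos/7/os/x86_64/
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[thirdparty]
name=Third party (constructed)
baseurl=http://repo.example.net/el7/
gpgcheck=0
"""

def audit_repos(text, main_defaults=None):
    """Return {repo_id: [findings]} for every enabled repo in .repo text."""
    # Assumed defaults when an option is absent; pass yum.conf [main] values to override.
    defaults = {"enabled": "1", "gpgcheck": "0", "repo_gpgcheck": "0"}
    defaults.update(main_defaults or {})
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for repo in cp.sections():
        if repo == "main":
            continue
        def flag(key):
            return cp.get(repo, key, fallback=defaults[key]).strip().lower() in TRUE
        if not flag("enabled"):
            continue
        findings = []
        if not flag("gpgcheck"):            # packages accepted without signature check
            findings.append("gpgcheck-off")
        if not flag("repo_gpgcheck"):       # repomd.xml accepted without signature check
            findings.append("repo_gpgcheck-off")
        urls = " ".join(cp.get(repo, k, fallback="")
                        for k in ("baseurl", "mirrorlist", "metalink")).split()
        if any(u.lower().startswith(("http://", "ftp://")) for u in urls):
            findings.append("cleartext-transport")  # observer can see what is fetched
        report[repo] = findings
    return report

if __name__ == "__main__":
    for repo, findings in audit_repos(SAMPLE_REPO).items():
        print(repo, findings or ["ok"])
```

A repo that reports only `cleartext-transport` matches the situation described above: tampering is caught by the signature checks, but update activity remains visible on the wire.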