[CentOS-mirror] SSL for mirrors?
cdnops at as250.net
cdnops at as250.netTue Jan 17 13:52:09 UTC 2017
- Previous message: [CentOS-mirror] SSL for mirrors?
- Next message: [CentOS-mirror] SSL for mirrors?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear Ryan, I am curious... which advantages did you intend to get out of the redirect? imho doesn't offer any increase in security at all: 1) The packages are signed, so their integrity is protected. 2) Confidentiality of the request is already broken before the redirect. 3) MITM/Downgrade can already happen there. So unless HTTPS becomes standard delivery method or HSTS is honored, this is a moot exercise anyway that just leads to lower performance. If HTTPS becomes the standard delivery method, against which CA base will certificates be checked? Having signed packages already solves this problem nicely and at the most convenient layer. Please don't get me wrong... generally I think enabling TLS is a great idea, but in this case I'm doubtful of the benefit. Kind regards AS250.net CDN OPS
- Previous message: [CentOS-mirror] SSL for mirrors?
- Next message: [CentOS-mirror] SSL for mirrors?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-mirror mailing list