Consider providing repomd.xml hash over https #891

Open
marmarek opened this Issue Mar 8, 2015 · 8 comments

marmarek commented Mar 8, 2015

Reported by marmarek on 4 Sep 2014 20:30 UTC
https://groups.google.com/d/topic/qubes-devel/39k347Du_D4/discussion

This will make a MITM attack at least harder. The current setup (unsigned metadata downloaded over plain HTTP) makes a MITM attack trivial, and the user will not even get an error message when someone subverts the connection. Making it HTTPS will at least give some error message when someone tries to keep you away from updates.

Migrated-From: https://wiki.qubes-os.org/ticket/891

marmarek commented Mar 8, 2015

Comment by marmarek on 4 Sep 2014 20:32 UTC
IMHO it can use a self-signed (or private CA) certificate, specifically listed in the yum settings for Qubes repositories (the sslcacert option in the repository definition).

marmarek commented Mar 8, 2015

Comment by joanna on 8 Sep 2014 09:53 UTC
Even if we wanted to use a special-purpose cert (so not-so-trusted, with priv key kept on the server) for this, the question remains about how to whitelist the CAs for yum? Without that this would be pretty meaningless...

https://groups.google.com/d/msg/qubes-users/qluZgegOnO8/odz_zxtOkkUJ

marmarek commented Mar 8, 2015

Comment by marmarek on 8 Sep 2014 09:59 UTC
You can provide a CA whitelist per repo, so we can simply place a self-signed cert there for Qubes repositories and leave the defaults for the other (Fedora) ones.

marmarek commented Mar 8, 2015

Modified by joanna on 8 Sep 2014 10:00 UTC

@marmarek marmarek modified the milestones: Release 2.1 (post R2), Release 2 Mar 8, 2015

marmarek commented Apr 7, 2015

Alternatively we can use signed metadata (same as Debian uses by default). This will also help with implementing updates-freeze attack detection. Details here:
https://groups.google.com/d/msgid/qubes-devel/5520B680.5030701%40whonix.org

@marmarek marmarek modified the milestones: Release 3, Release 2.1 (post R2) Apr 7, 2015

@marmarek marmarek modified the milestones: Release 3.1, Release 3.0 May 23, 2015

@marmarek marmarek modified the milestones: Release 3.2, Release 3.1 Feb 8, 2016

andrewdavidwong commented Apr 21, 2016

Just doing a routine check: Is it still correct that @rootkovska is assigned to this issue?

marmarek commented Apr 21, 2016

No.

andrewdavidwong commented Mar 26, 2018

@marmarek: Is there any special reason that yum.qubes-os.org and deb.qubes-os.org use HTTP instead of HTTPS in repo definitions by default? Should we switch them all to HTTPS?
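
An added example, not part of the thread and not Qubes project code: a small audit of yum repository definitions for the two protections discussed above, a per-repo pinned CA (`sslcacert`) and signed metadata (`repo_gpgcheck`, yum's GPG check on repomd.xml). The repo ids, hosts and certificate path in the sample are constructed placeholders, and the script assumes only per-repo options matter (global defaults from yum.conf are not merged).

```python
import configparser

# Constructed sample .repo content: repo ids, hosts and paths are placeholders.
SAMPLE_REPO = """\
[plain-http]
baseurl = http://repo.example.org/current/
gpgcheck = 1

[https-default-cas]
baseurl = https://repo.example.org/current/
gpgcheck = 1

[https-pinned-ca]
baseurl = https://repo.example.org/current/
sslcacert = /etc/pki/example/repo-ca.pem

[signed-metadata]
baseurl = http://repo.example.org/current/
repo_gpgcheck = 1
"""

def enabled(section, key, default):
    """Interpret a yum boolean option (1/yes/true)."""
    return section.get(key, default).strip().lower() in {"1", "yes", "true"}

def audit_repos(text):
    """Map each repo id to findings about how its metadata is protected in transit."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    report = {}
    for repo in (s for s in cfg.sections() if s != "main"):
        sec, findings = cfg[repo], []
        urls = " ".join(sec.get(k, "") for k in ("baseurl", "mirrorlist", "metalink")).lower().split()
        signed = enabled(sec, "repo_gpgcheck", "0")  # GPG signature check on repomd.xml
        if not signed and any(u.startswith("http://") for u in urls):
            findings.append("unsigned metadata over plain http")
        if any(u.startswith("https://") for u in urls):
            if not enabled(sec, "sslverify", "1"):
                findings.append("https with sslverify disabled")
            elif not signed and not sec.get("sslcacert"):
                findings.append("https trusts every system CA (no sslcacert)")
        report[repo] = findings
    return report

if __name__ == "__main__":
    for repo, findings in audit_repos(SAMPLE_REPO).items():
        print(repo, "->", findings or "ok")
```

Note that `gpgcheck = 1` alone covers package signatures only, which is why the first sample repo is still flagged.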
