tech-install archive


Re: HTTPS trust anchors in sysinst

On 2023-08-28 00:07, Taylor R Campbell wrote:
>> Date: Sat, 26 Aug 2023 16:06:39 +0200
>> From: Johnny Billquist <>
>>
>> Even worse - we are then getting into territory where old releases
>> might accept bad certificates, since they use SSL and have trust
>> anchors and so on. But once those get compromised, these old
>> releases/installers are suddenly not safe anymore.
>
> This is not worse than the status quo, which is that the old (and
> current!) releases/installers are _already_ not safe from a MITM on
> the network when fetching sets over the network from

Well. I would argue that it is worse, since this might make people think
they are safe, while previously it was clearly not the case.
The promise is a (the) difference.

>>> Also, if you're doing public-key crypto - for anything - in the
>>> installers, this will drastically, I am tempted to say
>>> catastrophically, slow down installation on low-end machines, like a
>>> MicroVAX-II or Sun-3.  (Of course, NetBSD might be fine with that.  I
>>> just think it should be at least thought about.)
>>
>> It will be worse than horrible...
>
> Can you please follow the same instructions I sent to Mouse to help me
> gauge possible performance impacts on the low-end machines you care

If Mouse doesn't beat me to it, I'll try to eventually get to it. As far
as VAXen go, I do have a fairly fast one where I am, but it's still going
to be slow by today's standard (it's a 4000/90 with 128M of memory). But
it's usually not up and running.

Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email:             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol
