Comment 30 for bug 1464064

A. Denton (aquina) wrote :

With regard to CVE-2019-3462, my organization agrees with the statement made on NSA QUANTUM: https://twitter.com/TRONDELTA/status/1087810526539931649

On behalf of my intelligence organization, I think it would be much better if Canonical servers would require TLS >= 1.2 encryption (HSTS and ECDHE preferred) and thus identify themselves properly, so machines/users would be able to make sure who they are talking/connecting to.

We think that would definitely make MITM and MOTS attacks more difficult. Personally, I'm aware of the existing signature scheme, i.e. present package security. Nonetheless, it does not seem to address the problem of transport security, especially the lack of identification. Therefore, I simply consider the assertions of whydoesaptnotusehttps.com wrong.

There is also a research paper named "A Look In the Mirror: Attacks on Package Managers" (https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf), which showed that both APT and YUM repositories are vulnerable to replay attacks, in case the repository is accessed via HTTP (even with valid GPG signatures used).

In addition to that, Launchpad bug https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467 showed that transport security sometimes may reduce the impact of known vulnerabilities and exposures.

Given the present state of things, I agree, on behalf of the members of my organization, that TLS should be optional, at least for a transitional period of LTS (5) years. We strongly recommend that the decision makers at Canonical act professionally on this and make a change soon.