[PVE-User] HTTPS for download.proxmox.com

proxmox-pve-user-list at licomonch.net
Wed Jul 29 11:31:13 CEST 2020


Hi Florent,

> download.proxmox.com packages are signed with a key whose public part can
> be downloaded on... download.proxmox.com, without https ! Well done.


That's what public keys are made for .. make them public .. https
doesn't change that .. it's used to transport secrets .. secret like the
S in HTTPS

If you want to use https for validation, you're on the wrong trip. You'd
have to personally check the pub key person (you) to person (proxmox key
admin) to be 100% sure about the correctness of the key ..

If the key is not correct and you aren't already hacked by some evil
minions you'll get a failure at package validation request .. or even
earlier on 'apt update'

The only real gain of package/pub-key distribution via https is a felt
security gain.
The real security gain is minimal and more theoretical. (If someone can
compromise you with changed packages _and_ a wrong repo-key then you
have greater problems than that ;) )



Greeting,
Andreas F.


> 
> On 30/11/2017 12:32, Dietmar Maurer wrote:
>> This is why we have an enterprise repository! Please use the enterprise
>> repository 
>> if you want SSL.
>>
>>> On November 30, 2017 at 12:22 PM Florent B <florent at coppint.com> wrote:
>>>
>>>
>>> Up !
>>>
>>>
>>> On 30/05/2017 15:21, Florent B wrote:
>>>> Hi PVE team,
>>>>
>>>> Would it be possible to include "download.proxmox.com" in SSL
>>>> certificate for accessing downloads with HTTPS.
>>>>
>>>> Current certificate is only valid for proxmox.com & enterprise.proxmox.com.
>>>>
>>>> Thank you.
>>>>
>>>> Florent
>>>>
>>>> _______________________________________________
>>>> pve-user mailing list
>>>> pve-user at pve.proxmox.com
>>>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user



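The reply above turns on checking the repository key itself rather than the transport it arrived over. As an added example (not part of the thread, and not Proxmox's own tooling), the shell functions below compare the primary-key fingerprint in `gpg --with-colons` output against a fingerprint obtained out-of-band; the function names, the sample key and both fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Fingerprints below are constructed.
# Typical use, with the pinned value obtained out-of-band (KEYFILE is yours):
#   gpg --show-keys --with-colons "$KEYFILE" | check_pinned_fpr "$PINNED"

# Print primary-key fingerprints from `gpg --with-colons` output on stdin.
# An "fpr" record belongs to the pub/sub record above it; field 10 is the
# fingerprint. Subkey fingerprints are skipped.
primary_fprs() {
  awk -F: '
    $1 == "pub" { want = 1; next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Normalise a human-typed fingerprint: drop spaces, uppercase hex.
normalise_fpr() { printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'; }

# check_pinned_fpr PINNED < colon-output
# 0 = exactly one primary key and it matches; 1 = mismatch;
# 2 = unusable pin (non-hex or shorter than 40 hex digits); 3 = key count != 1.
check_pinned_fpr() {
  _pin=$(normalise_fpr "$1")
  case "$_pin" in
    ''|*[!0-9A-F]*) echo "pin is not hex" >&2; return 2 ;;
  esac
  [ "${#_pin}" -ge 40 ] || { echo "pin the full fingerprint, not a key ID" >&2; return 2; }
  _got=$(primary_fprs)
  _n=$(printf '%s\n' "$_got" | grep -c . || true)
  [ "$_n" -eq 1 ] || { echo "expected one primary key, found $_n" >&2; return 3; }
  [ "$_got" = "$_pin" ] || { echo "fingerprint mismatch: $_got" >&2; return 1; }
}

# Constructed sample of gpg colon output: one primary key, one subkey.
sample_colons() {
  cat <<'EOF'
pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scSC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::::Constructed Repo Key <repo@example.invalid>::::::::::0:
sub:-:4096:1:0123456789ABCDEF:1500000000::::::e::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
}
```

The check rejects 16-digit key IDs and key files that carry more than one primary key, so a match means the whole file is the single key that was pinned.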