[vlc-devel] Future of the update mechanism

Rémi Denis-Courmont remi at remlab.net
Thu Jul 30 09:19:52 CEST 2009


On Thu, 30 Jul 2009 02:05:02 +0200, jpd at videolan.org wrote:
> I'm not aware that ssl is much more computationally expensive than
> gpg

With OpenPGP, the server does NOT make ANY cryptographic operation. It just
serves a file (over HTTP) that happens to contain a digital signature...
And you can replicate that file to any number of mirrors without problems.

HTTP/SSL means the server needs to do a public-key cryptographic operation
for each and every connection, then use symmetric cryptography to
cipher/decipher the payload. On top of that, we cannot handle virtual hosts
(since Apache does not support TLS-SNI). We cannot serve the file from
mirrors (we can't force them to do SSL). If the server is hacked, we may
end up shipping Trojan horses to all users. With OpenPGP, we don't need to
put the private key on the server, and we can protect it with a pass-phrase
also. And, depending on the of the SSL framework, we may have to pay for an
X.509 certificate eternally.

It's probably not an accident that apt and similar things use OpenPGP
rather than SSL/TLS.

-- 
Rémi Denis-Courmont
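
The trust model described in the message above, as an added example (not part of the original post and not VLC's update code): Go's standard-library Ed25519 stands in for an OpenPGP detached signature. The names `Release`, `Mirror`, `SignOffline` and `ClientAccept` and the sample file contents are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Release is what gets published: the update file and its detached signature.
type Release struct{ File, Sig []byte }

// SignOffline runs on the maintainer's machine; the private key never reaches a server.
func SignOffline(priv ed25519.PrivateKey, file []byte) Release {
	return Release{File: file, Sig: ed25519.Sign(priv, file)}
}

// Mirror models an untrusted plain-HTTP mirror: it stores and serves bytes, holds no key.
type Mirror struct{ stored Release }

func (m *Mirror) Replicate(r Release) {
	m.stored = Release{File: append([]byte(nil), r.File...), Sig: append([]byte(nil), r.Sig...)}
}
func (m *Mirror) Serve() Release { return m.stored }

// ClientAccept is the updater's check against the public key shipped inside
// the installed client (the pinned key); the transport is not trusted at all.
func ClientAccept(pinned ed25519.PublicKey, r Release) bool {
	return ed25519.Verify(pinned, r.File, r.Sig)
}

// Demo returns the client's verdict for an honest mirror, a mirror whose file
// was altered, and a mirror that re-signed the altered file with its own key.
func Demo() (honest, swapped, resigned bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, err2 := ed25519.GenerateKey(rand.Reader) // key no client trusts
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	m := &Mirror{}
	m.Replicate(SignOffline(priv, []byte("update-status: constructed sample\n")))
	honest = ClientAccept(pub, m.Serve())
	m.stored.File = []byte("update-status: altered on the mirror\n")
	swapped = ClientAccept(pub, m.Serve())
	m.stored.Sig = ed25519.Sign(otherPriv, m.stored.File)
	resigned = ClientAccept(pub, m.Serve())
	return
}

func main() { fmt.Println(Demo()) } // prints: true false false
```

The mirror never performs a cryptographic operation, and altering what it serves is caught on the client because the signing key was never on it.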



