On 2021-08-21 12:04:32 +0100 (+0100), Phil Morrell wrote: > On Sat, Aug 21, 2021 at 10:40:32AM +0200, Wouter Verhelst wrote: [...] > > However, I've not been able to come up with a scheme which is simple > > enough to be doable on a LAN while at the same time be usable by larger > > network providers, *and* which can't also be abused by MitM attackers. > > Isn't the MitM handled by archive signatures etc., hence why http is > fine? True I haven't tested this in a large network, since usually > configuration management is in place, but apparently mDNS can even > traverse routers via Multicast BGP.
As already pointed out by others, the risk is that a MitM could serve you outdated package indices and packages, silently blocking you from patching some known vulnerability until the index expires, which might provide the attacker some extra time to work on exploiting that vulnerability. The practicality of this particular attack isn't all that high, as there are often going to be other avenues of compromise which involve less effort on the part of the attacker anyway. Still, people are correct to call it out as some form of risk. -- Jeremy Stanley
signature.asc
Description: PGP signature
