= Updates =
Ubuntu downloads updates over HTTP by default; however, that is not insecure. This is because all those updates are validated with GPG against the keys that are already on the system in the ubuntu-keyring package.
The signatures on our updates are strong, based on SHA512 checksums at the moment.
It is signed at the moment by two keys, as we are still in a transition period - 1024 dsa key and 4096 rsa key.
See for yourself at:
http://archive.ubuntu.com/ubuntu/dists/xenial/InRelease
And that key is part of the strong set of trusted GPG keys. E.g. I am lucky enough to have a trust path to those keys via James Troup and Steve Langasek. But I find that much stronger than arbitrarily trusting all SSL certs, for example.
Switching to SSL is a knee-jerk reaction, which is not really appropriate for a mirrored update server. First of all, we must support people creating a private mirror of Ubuntu on internal networks to update their internal infrastructure. And on the other hand, we may not trust all SSL certificates from all the authorities either (because then a rogue CA will be able to misrepresent an update server). This means that if we were to rely on SSL, we would have to use certificate pinning to only ever trust a single certificate, thus making the overall security solution less reliable than the current secure GnuPG-protected updates.
Also note, the security track record of GnuPG signing and validation is far better to date than SSL/TLS across multiple implementations of both server and client sides.
= Initial installation =
Granted, the initial ubuntu-keyring package is installed on the system from somewhere. It typically comes from an .iso image which the person downloads and installs. To be prudent, one should verify the SHA checksums of the .iso images, and the gpg signatures of those checksums, thus validating that the image has in fact originated from Ubuntu by means of the GnuPG web of trust.
e.g.
http://releases.ubuntu.com/trusty/SHA256SUMS
http://releases.ubuntu.com/trusty/SHA256SUMS.gpg
= End note =
Ubuntu does not use MD5 as the only, nor as the default, checksum. It is not used to generate signatures. Please note that SSL, TLS, and GnuPG are all types of cryptographic signatures. Thus I'm not sure what you mean by some of your statements.
Overall we protect the content, rather than the protocol, and thus support CDN distribution, a global mirroring network and country mirrors. Unlike TLS, the encryption key does not participate in establishing the connection, and thus is maintained offline, avoiding a class of problems with leaking key material, as has been demonstrated with TLS and the Heartbleed vulnerability.
The privacy issue is not addressed; this is true. However, this alone does not undermine the security and authenticity of the Ubuntu update process.
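
The .iso check described under "Initial installation", written out as an added example that is not part of the original comment: the signature on SHA256SUMS is verified first, and only then is the image hash compared against the verified file. The function names are hypothetical, and the keyring is assumed to be a file you already trust, such as one taken from the ubuntu-keyring package.

```shell
#!/bin/sh
# Added example (not from the original comment). Function names are hypothetical.

# check_sums_signature KEYRING SUMS SIG
# gpgv accepts only keys present in KEYRING, so that file is the trust anchor.
# (Plain "gpg --verify" would accept any key in the caller's own keyring.)
check_sums_signature() {
    gpgv --keyring "$1" "$3" "$2" 2>/dev/null
}

# check_image SUMS IMAGE
# Returns 0 only if IMAGE's SHA-256 equals its entry in SUMS.
# Returns 2 if SUMS has no entry for the file, so a missing line fails closed.
check_image() {
    sums=$1
    image=$2
    name=$(basename "$image")
    # Entries look like "<hex>  <name>" or "<hex> *<name>"; match the name exactly.
    expected=$(awk -v n="$name" '{f=$2; sub(/^\*/,"",f)} f==n {print $1}' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$image" | awk '{print $1}')
    # Duplicate entries make $expected multi-line, which also fails the comparison.
    [ "$expected" = "$actual" ]
}

# verify_image KEYRING SUMS SIG IMAGE
# Order matters: an unsigned or wrongly signed SUMS file is never consulted.
verify_image() {
    check_sums_signature "$1" "$2" "$3" || return 1
    check_image "$2" "$4"
}

# Stand-alone use: sh verify.sh KEYRING SHA256SUMS SHA256SUMS.gpg IMAGE.iso
if [ "$#" -eq 4 ]; then
    verify_image "$@"
fi
```
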