> What does https buy you in this case?
It ensures the response from the webserver really is from netboot.xyz, and not from any MITM server.
> It does not prevent server spoofing attacks (as in attackers changing the code you boot) in 99% of situations. Nor man-in-the-middle protection ...
Can you elaborate? How would you spoof the server response without having a valid certificate key for the netboot.xyz domain?
For this to work, trusted CAs need to be compiled into the iPXE binary. Since those can change, you'll need to update that binary from time to time. Or ignore cert warnings, which reduces the security to plain HTTP.
>> server spoofing attacks (as in attackers changing the code you boot)
> Can you elaborate?
I think this is referring to the server being compromised. This isn't something that can be solved easily because while the bootloader could include signify[1] to verify its downloads, the bootloader itself can't be verified with anything. (disclaimer: I don't know very much about iPXE)
Assuming they're performing proper CA verification it lowers the trust level from your entire connection to just the CAs and netboot.xyz administrators - preventing MITM attacks in the local network where they're most often performed. Perhaps it's not perfect but it seems like a pretty major improvement.
Security against your client-server communications' contents being observed by third parties. So here https ... gives ... confidentiality ... to ... public ... images. Well that's useful!
It does not prevent server spoofing attacks (as in attackers changing the code you boot) in 99% of situations. Nor man-in-the-middle protection ...
So what's the point of https in this situation? Certificate, cert pinning, ... are all useless in this situation (certificate only helps on repeat visits, which of course never applies in this situation. Cert pinning only helps for specific sites (not this one) and even if it did, only when the originating software is really up to date (which is just not going to be the case here)).
So you can just as well say that http is perfectly secure in this case. Or at least ... as secure as https is going to be.
There's quite a bit more to security than "use https".