
I never understood why domains used for NTP and package mirrors depend on external, commercial certificate authorities.

It could be a fallback, with a big red warning to manually check the certs are alright when you need it (e.g. too long without syncing your root certificates package). But for most cases there is no excuse for not having it local at all times.

I mean, MITMing a domain essential for the "distro" should be at least just a little bit harder than regular MITM.




I've always wondered a similar thing... why is reputation-based TLD network security limited to a single verification entity (CA w/ revocation policy)? Seems obvious to me certs should be signed (and thus revocable) by multiple entities by default. I've implemented this before in clients ad-hoc, but why isn't it default?

Don't get me started on authoritative DNS security.



