How are Red Hat's product update services secured?


To provide a secure RPM package download service, we digitally sign all packages and ensure that our client tools communicate only with Red Hat's own services. By digitally signing our packages, and checking for signatures when installing them, we can make sure that only official Red Hat packages can be installed on your system. By ensuring our client tools only communicate with our own services, we can prevent attacks such as a man-in-the-middle attack, in which an attacker could cause your system to not install certain essential security updates. Together, these two security mechanisms reduce the risk of attackers being able to compromise the update stream.

When our client tools communicate with our servers, they do so by making secure connections using the TLS/SSL protocol. Our client tools check that the certificate they receive from the server is signed by a known certificate, one that we generate from our own dedicated Certificate Authority (CA). We use our own Certificate Authority so that we can maintain control over our update service and be certain that customers can only connect to sites presenting a TLS/SSL certificate signed by Red Hat. The update tools refuse to connect to sites that do not present a certificate signed by our CA. We do not use third-party Certificate Authorities to sign these certificates, because doing so introduces unnecessary risk: a compromise of, or a mistake made by, such a Certificate Authority could jeopardize the security of our update service.
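Both mechanisms show up as per-repository settings on a client, so they can be audited. The following is an added example, not Red Hat tooling: it checks a yum/dnf `.repo` file for the `gpgcheck`, `sslverify` and `sslcacert` options. The repository ids, URLs and the CA path `/path/to/vendor-ca.pem` are constructed placeholders, and treating a missing `gpgcheck` as "off" is a conservative assumption.

```python
import configparser

# Constructed sample in yum/dnf .repo format; ids, URLs and CA path are placeholders.
SAMPLE_REPO = """
[example-baseos]
baseurl = https://updates.example.com/baseos
gpgcheck = 1
sslverify = 1
sslcacert = /path/to/vendor-ca.pem
[example-no-sig]
baseurl = https://updates.example.com/extras
gpgcheck = 0
sslverify = 1
sslcacert = /path/to/vendor-ca.pem
[example-system-trust]
baseurl = https://updates.example.com/appstream
gpgcheck = 1
sslverify = 1
[example-unverified]
baseurl = http://updates.example.com/legacy
gpgcheck = 1
sslverify = 0
sslcacert = /path/to/vendor-ca.pem
"""

TRUE_VALUES = {"1", "true", "yes"}


def audit_repos(text, expected_ca):
    """Return {repo_id: [findings]} for repos that weaken signature checking
    or that do not restrict TLS trust to the one dedicated CA file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for repo in cp.sections():
        s = cp[repo]
        findings = []
        if s.get("gpgcheck", "0").strip().lower() not in TRUE_VALUES:
            findings.append("package signatures not checked (gpgcheck)")
        if not s.get("baseurl", "").strip().lower().startswith("https://"):
            findings.append("baseurl is not HTTPS")
        if s.get("sslverify", "1").strip().lower() not in TRUE_VALUES:
            findings.append("server certificate not verified (sslverify)")
        if s.get("sslcacert", "").strip() != expected_ca:
            findings.append("not pinned to the dedicated CA (sslcacert)")
        if findings:
            report[repo] = findings
    return report
```

A repository with no `sslcacert` still verifies certificates, but against the system trust store, which is the third-party CA exposure the paragraph above describes.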
