TLS may be complicated for some people. But unlike HTTP, it has even formally proven correct implementations. You can't say the same about HTTP, PGP and Apt.

> Having to harden two protocol implementations, vs. hardening just one of those.

We're speaking of a MITM here. In that case no, you don't have to harden both. (Even if you did have to, ain't nobody taking on OpenSSL before all the rest, it's not worth the effort.)

I find it kind-of weird that you can't understand that if all a MITM can tamper with is the TLS then it's irrefutably a significantly smaller surface than HTTP+PGP+Apt.

> We're speaking of a MITM here

We are speaking of the total attack surface.

1. When it comes to injecting invalid packets to break a parser, you can MITM TLS without problem. This is identical to the types of attack you claimed were relevant to HTTP-only, feeding invalid data that would be rejected by authentication of the signature.

2. Any server owning a domain name can have a valid TLS certificate, creating "trusted" connections, no MITM necessary. Any server in your existing mirrorlist can go rogue, any website you randomly visit might be evil. They can send you both signed but evil TLS packets, and malicious HTTP payloads.

3. Even if the server is good, it's feeding you externally obtained data that too could be evil.

There is no threat model here where you do not rely 100% on the validity of the HTTP stack and file signature checking. TLS only adds another attack surface, by running more exploitable code on your machine, without taking away any vulnerabilities in what it protects.

No, you want to move goalposts, but we're not speaking of some arbitrary "total attack surface". The article itself is also about a potential MITM. Then you list three cherry-picked cases, none of which actually touch upon the concerns that a plaintext connection introduces or exposes. Please stop, it's silly.

There is fundamentally no reasonable threat model where a plaintext connection (involving all these previously listed protocols) is safer against a MITM than an encrypted and authenticated one.

You don't call it "cherry-picking" when a person lists fundamental flaws in your argument.

Constantly ignoring all the flaws outlined and just reiterating your initial opinion with no basis whatsoever is at best ignorance, at worst trolling.

HTTP with signed packages is by definition a protocol with authenticated payloads, and encryption exclusively provides privacy. And no, we're not singeling out the least likely attack vector for the convenience of your argument - we're looking at the whole stack.

I do call it cherry-picking because you chose scenarios that either apply to it also without TLS or the scenarios are just (intentionally) extremely narrow in scope.

You have repeatedly ignored that we're speaking about protections against a MITM, not malicious endpoints. Because of that your desperate attempt at talking about the "whole stack" talk is also nonsense. Even if you include it, a modern TLS stack is a very difficult target. The additional surface added that hasn't been inspected with a fine-toothed comb is microscopic.

As such you've excluded the core of the problem - how an unprotected connection means that you have to simultaneously ensure that your HTTP, PGP and Apt code has to be bulletproof. This is an unavoidable result, signatures or no signatures, all that surface is exposed.

You've provided no proof or proper arguments that all three of those can achieve the same level of protection against a MITM. You've not addressed how the minuscule surface added by the TLS stack is not worth it considering the enormous surface of HTTP+PGP+Apt that gets protected against a MITM.

TLS also provides more than just privacy, I recommend you familiarize yourself with the Wikipedia page of TLS.