Date: Wed, 9 Oct 2002 16:45:06 -0700 (PDT)
From: Mike Hoskins
To: Lyndon Nerenberg
Cc: security@FreeBSD.ORG
Subject: Re: md5 checksum server
In-Reply-To: <200210092206.g99M6oGI092623@orthanc.ab.ca>
Message-ID: <20021009164341.E88705-100000@fubar.adept.org>

On Wed, 9 Oct 2002, Lyndon Nerenberg wrote:

> DNS isn't the right place for this.

You could make the same arguments about portsdb.org...

> 1) it requires DNSSEC to ensure the MD5 record data isn't forged

Easy enough.

> 2) DNS caching would hide updates for the duration of the TTL
>    attached to the TXT record

Tuneable.

I didn't say this was ideal, but it's easy to set up and does work in the
wild now for some datasets. Regardless, I'm not attached to any one
proposal... Feel free to make others. :)