From owner-freebsd-arch Wed Mar 14 12:18: 0 2001 Delivered-To: freebsd-arch@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id F23C837B718; Wed, 14 Mar 2001 12:17:56 -0800 (PST) (envelope-from nate@yogotech.com) Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id NAA17898; Wed, 14 Mar 2001 13:17:52 -0700 (MST) (envelope-from nate@nomad.yogotech.com) Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id NAA27218; Wed, 14 Mar 2001 13:17:51 -0700 (MST) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15023.53743.215996.538067@nomad.yogotech.com> Date: Wed, 14 Mar 2001 13:17:51 -0700 (MST) To: Adrian Chadd Cc: Poul-Henning Kamp , freebsd-arch@FreeBSD.ORG Subject: Re: [PATCH] add a SITE MD5 command to ftpd In-Reply-To: <20010314210758.A2405@roaming.cacheboy.net> References: <20010314105918.A5204@roaming.cacheboy.net> <35525.984597779@critter> <20010314210758.A2405@roaming.cacheboy.net> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > That SITE MD5 would amount to innovation and progress. We don't do > > that in FreeBSD (any more). > > > > hah. > > > I think SITE MD5 should be added, so we can get some experience with > > it. If it isn't a good idea, we'll drop it again, if it is, we > > will propagate it. > > > > The only argument I've seen against was "Uhm, we want to loose our > > current ftpd in favour of XXX" for some value of XXX. I don't think > > it is important which version of ftpd we implement it in, so that > > is hardly an argument against. > > I think o'brien and a few other irc people pointed out that you can't > trust the md5 coming back from the user, so the only thing you *can* > do is download the file and check it yourself. I think everyone's is forgetting the 'real' reason for SITE-MD5. It's existance is not one of 'trust', but the reason to do this is because it allows the ports checker (and mirrors) to determine if a file has changed. Not whether or not it's trustable, not whether or not someone has hacked the server, but whether it has changed or not. The current check only sees if the file exists, but has no way of checking to see if the file has changed and the filename is the same. The ports system itself takes care of the 'trust' issue, but the mirror and ports checkers are less worried about security, and are more interested in checking to see if a file is the same. We have the security mechanism in place to make sure the file is 'trustworthy' (at least, a minimal check anyway). SITE-MD5 fixes this problem. It doesn't try to be all things to all people, but it's not trying to solve world-hunger, just make the existing mirroring and check scripts more intelligent w/out requiring massive amounts of wasted bandwidth. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message