From owner-freebsd-binup  Sat Mar  8 14:34:44 2003
Delivered-To: freebsd-binup@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EA56737B401
	for <freebsd-binup@FreeBSD.ORG>; Sat,  8 Mar 2003 14:34:42 -0800 (PST)
Received: from mta06-svc.ntlworld.com (mta06-svc.ntlworld.com [62.253.162.46])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CCA2743F75
	for <freebsd-binup@FreeBSD.ORG>; Sat,  8 Mar 2003 14:34:41 -0800 (PST)
	(envelope-from colin.percival@wadham.ox.ac.uk)
Received: from piii600.wadham.ox.ac.uk ([81.103.196.4])
          by mta06-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20030308223440.OKL8575.mta06-svc.ntlworld.com@piii600.wadham.ox.ac.uk>;
          Sat, 8 Mar 2003 22:34:40 +0000
Message-Id: <5.0.2.1.1.20030308222612.033d0e90@popserver.sfu.ca>
X-Sender: cperciva@popserver.sfu.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Sat, 08 Mar 2003 22:34:37 +0000
To: "Simon L. Nielsen" <simon@nitro.dk>
From: Colin Percival <colin.percival@wadham.ox.ac.uk>
Subject: Re: binup project
Cc: freebsd-binup@FreeBSD.ORG
In-Reply-To: <20030308180302.GA431@nitro.dk>
References: <5.0.2.1.1.20030307134749.01d80ba8@popserver.sfu.ca>
 <200303061459.00436.michael@zend.com>
 <200303061459.00436.michael@zend.com>
 <5.0.2.1.1.20030307134749.01d80ba8@popserver.sfu.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-binup@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-binup.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-binup>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-binup>
X-Loop: FreeBSD.ORG

At 19:03 08/03/2003 +0100, Simon L. Nielsen wrote:
>I remember looking at it and it looked very interesting. If I remember 
>correctly
>on "only" deals with making/applying updated and not the distribution right?
>
>Perhaps your code could be put together with the simple HTTP protocol I was
>looking at to actually get a complete remote binary updater... It could be a
>start for a full binup.

   My code cryptographically signs the updates; they can then be 
distributed by whatever means is convenient (http, ftp, shortwave radio 
broadcast...) although since the client code uses fetch(1) that imposes 
some restrictions.  Doing things this way, in addition to eliminating 
spoofing attacks, also makes it possible for the severely paranoid to 
perform all secure operations on a system which is physically disconnected 
from the Internet (and copy the update files to a webserver via sneakernet).

Colin Percival



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-binup" in the body of the message