From owner-freebsd-current@freebsd.org Mon Oct 7 10:58:42 2019 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6134712AD95; Mon, 7 Oct 2019 10:58:42 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: from mail-ot1-f44.google.com (mail-ot1-f44.google.com [209.85.210.44]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46myC52Vd1z3MFb; Mon, 7 Oct 2019 10:58:41 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: by mail-ot1-f44.google.com with SMTP id g13so10550845otp.8; Mon, 07 Oct 2019 03:58:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZQglkprzouiwdiyAqljwW4pNNdxzzgvG/tHZdTtHdaU=; b=kWXM75kO1SxWARv4a3o10n3Ix+8f7RzsuCToBRnDzipBJ8tBP/mndA+83GEd3ewP0I cHgTKJ+lubq7QvgjtJtgcHNuCsQ0tXMzxmtP1ENjnpH0ABkNUDe/tlRJpwXCMTaF8GN+ /a3Aj75biS8V7/tJaDn1c17UCdw3uT3FLVbcfXhSWHCtxamF7jPmk0VVK5yEFGhVPNyW J1OCnwU6Nf7uIGlyaPu16S6kT+BGZAPzJDLf25Poyc3QAk+txFDbXt3EeuZHAForruNt wL/WBOpmbnlqaYbQGTg5FtH1UTYXyc5uuwwh/kfIML/UPOPA129Lg++tiV13maaN2tNI kzQw== X-Gm-Message-State: APjAAAV/YZM28xdYFcPtkfffpru8FfJ6G4lkntsx27Z23kUysN+PjXj8 9FUcdNiKHWCR/C38rB1XZTsjemYvrgaV+hjPijo= X-Google-Smtp-Source: APXvYqxqjKwyq2Gd531raW3AljdxW03f+jemi8TfQhP1/wW0XvWTxTQOEtS8WiW6KKETkJXNjj/cyLRCGG+KBLe476k= X-Received: by 2002:a05:6830:22d7:: with SMTP id q23mr20407346otc.65.1570445919800; Mon, 07 Oct 2019 03:58:39 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Igor Mozolevsky Date: Mon, 7 Oct 2019 11:58:03 +0100 Message-ID: Subject: Re: Git/Mtn for FreeBSD, PGP WoT Sigs, Merkel Hash Tree Based To: grarpamp Cc: freebsd security , Hackers freeBSD , freebsd-questions@freebsd.org, freebsd-current Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 46myC52Vd1z3MFb X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of mozolevsky@gmail.com designates 209.85.210.44 as permitted sender) smtp.mailfrom=mozolevsky@gmail.com X-Spamd-Result: default: False [-3.17 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[hybrid-lab.co.uk]; RWL_MAILSPIKE_GOOD(0.00)[44.210.85.209.rep.mailspike.net : 127.0.0.18]; RCPT_COUNT_FIVE(0.00)[5]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[44.210.85.209.list.dnswl.org : 127.0.5.0]; IP_SCORE(-1.17)[ip: (-0.41), ipnet: 209.85.128.0/17(-3.26), asn: 15169(-2.14), country: US(-0.05)]; FORGED_SENDER(0.30)[igor@hybrid-lab.co.uk,mozolevsky@gmail.com]; FREEMAIL_TO(0.00)[gmail.com]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[igor@hybrid-lab.co.uk,mozolevsky@gmail.com]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 10:58:42 -0000 On Mon, 7 Oct 2019 at 08:43, grarpamp wrote: > > On 10/4/19, Igor Mozolevsky wrote: > > On Fri, 20 Sep 2019 at 22:01, grarpamp wrote: > >> > >> For consideration... > >> https://lists.freebsd.org/pipermail/freebsd-security/2019-September/010099.html > >> > >> SVN really may not offer much in the way of native > >> internal self authenticating repo to cryptographic levels > >> of security against bitrot, transit corruption and repo ops, > >> external physical editing, have much signing options, etc. > >> Similar to blockchain and ZFS hash merkle-ization, > >> signing the repo init and later points tags commits, > >> along with full verification toolset, is useful function. > > > > > > > > > > Isn't UNIX(TM) philosophy that a program should do one thing and do it > > well? Just because people can't be bothered to learn to use multiple > > tools to do *multiple* tasks on the same dataset, is not a reason, let > > alone "the reason," to increase any program complexity to orders of > > N^M^K^L so that one "foo checkout" does all the things one wants! > > Was r353001 cryptosigned so people can verify it with > a second standalone multiple tool called "PGP", after the > first standalone multiple tool called "repo checkout"? > Was it crypto chained back into a crypto history so they could > treat it as a secure diff (the function of a third standalone multiple > tool "diff a b") instead of as entirely separate (and space wasting > set of) unlinked independant assertions / issuances as to a state? > How much time does that take over time each time vs > perhaps loading signed set of keys into repo client config. I'm guessing they are rhetorical questions; but you ought to look up how to do tool chaining in any flavour in UNIX(TM). > Is LOGO and tape better because less complex tool than C and disk. For some people, perhaps. > > crypto IS NOT a substitute for good data keeping > > practices. > > Who said that it was. However it can be a wrapper of > proof / certification / detection / assurance / integrity / test > over them... a good thing to have there, as opposed to nothing. What is the specific risk model you're mitigating---all you say is hugely speculative?! > > Also, what empirical data do you have for repo bitrot/transit > > corruption that is NOT caught by underlying media? > > Why are people even bothering to sha-2 or sign iso's, or > reproducible builds? There is some integrity function there. > Else just quit doing those too then. Funny you should say that, Microsoft, for example, don't checksum their ISOs for the OSes. You missed the point about reproducible builds entirely: given code A from Alice and package B from Bob, Charlie can compile package C from A and verify that C is identical to B, a simple `diff' of binaries is sufficient for that! The problem is that a lot of the time code A itself is buggy to such degree that it's vulnerable to attack (recall Heartbleed, for example). Crappy code is not mitigated by any layer of additional integrity checking of the same crappy code! > Many sources people can find, just search... > https://www.zdnet.com/article/dram-error-rates-nightmare-on-dimm-street/ > http://www.cs.toronto.edu/~bianca/papers/sigmetrics09.pdf > http://www.cs.toronto.edu/~bianca/papers/ASPLOS2012.pdf > https://www.jedec.org/sites/default/files/Barbara_A_summary.pdf > https://en.wikipedia.org/wiki/Data_degradation > https://en.wikipedia.org/wiki/ECC_memory > https://en.wikipedia.org/wiki/Soft_error I don't bother with second-hand rumors on WikiPedia so I'm not even going to bother looking there, but as for the rest, seriously, you're quoting a study of DDR1 and DDR2??? I have it on good authority that when at least one manufactured moved to smaller die process for DDR3 they saw the error rates plummet to their own surprise (as they were expecting the opposite) and now we're on DDR4, and what's the die size there?.. Perhaps you need to look into the error rates of EDO RAM et al too? In any event, ECC, integrity checking etc is done on the underlying media to detect and in some cases correct errors so you have to worry less about it at higher levels, so getting so obsessed by it is just silly especially advocating for a tool to do it all in one go! Here's a question to ponder: if code set X, certificate Y, and signed digest Z are stored on one media (remote server in your case), and your computed digest doesn't match digest Z, what part was corrupt, X, Y, or Z, or your checksumming? > Already have RowHammer too, who is researching DiskHammer? And RowHammer has been successfully demonstrated in a production environment? How exactly are you planning on timing the attack vector to get RAM cell data when you (a) don't know when that cell will be occupied by what you want, nor (b) where that cell is going to be in the first place? Go ask any scientist who works for pharma to explain the difference between "works in a lab" and "works in the real world"... > Yes, there does need to be current baseline studies made > in 2020 across all of say Google, Amazon, Facebook global > datacenters... fiber, storage, ram, etc. It is surely not zero > errors otherwise passed. Perhaps you need to "tell" Google, Amazon, Facebook, et al about that, and then come back to us with the results of those studies? To sum up, you're advocating for extra effort with no empirical data nor a decent risk model to justify the effort, good luck! -- Igor M.