Date:      Sat, 03 Jan 2009 12:45:11 +0000
From:      Matthew Seaman <>
To:        RW <>
Subject:   Re: Foiling MITM attacks on source and ports trees
Message-ID:  <>
In-Reply-To: <>
References:  <>	<> <>


RW wrote:
> On Fri, 02 Jan 2009 17:30:12 +0000
> Vincent Hoffman <> wrote:
>> Admittedly this doesn't give a file by file checksum
> That's not really a problem, it's no easier to create a collision
> in a .gz file than a patch file.
> The more substantial weakness is that the key is verified against a
> hash stored on the original installation media. If someone went to the
> trouble of diverting dns or routing to create a fake FreeBSD site they
> would presumably make it self-consistent down to the ISO checksums.

Yes.  Anyone can generate checksums.  The standard method of getting round
this problem is to cryptographically sign the (lists of) checksums using
some form of public/private key pair.

Unless designed carefully, there will be substantial logistical problems
maintaining such lists of signatures.  The least laborious mechanism I can
think of would be this: an SSL secured web site using a key+cert signed by
a trusted CA[*].  This site would have privileged access to the master repo
and would run a fairly simple CGI where supplying the location of a file in
a checked out copy of a repo, plus version number information and whatever
else is necessary to uniquely identify the specific file in question would
be answered with a list of checksums (MD5, SHA1, SHA256 etc.) of that file.
Obviously, this will require substantial caching of previously calculated
checksums simply for performance.

As an end user, you check out sources etc. from whatever of the mirrors is
most suitable.  You can then verify the correctness of what's on your disk
by comparing a locally generated checksum with what you can download via a
trusted channel from the checksum server.  Since the checksum server is only
accessible via HTTPS and has a trusted certificate it should not be possible
to spoof.  Traffic levels should be relatively small compared to the main
distribution channels.  Even so, because of the SSL requirement it's going to
take a substantial piece of kit to provide this checksumming service at a
decent performance level, especially when there are recent new releases.



[*] Buying a high security cert from the likes of Verisign or OpenSRS would
set you back about £800 p.a. and it would probably be necessary to use something
like the FreeBSD Foundation as an appropriate body to own the cert.

Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
                                                  Kent, CT11 9PW
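
The client-side check described in the message above, as an added example that is not part of the original email or of any FreeBSD tooling. It assumes the per-file digests were already fetched from the checksum server over certificate-verified HTTPS; `verify_tree`, `local_digests` and the sample file names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def local_digests(path, algorithms):
    """Hash a file once, feeding every requested algorithm from one read."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_tree(root, trusted):
    """Compare a checked-out tree with digests from the trusted channel.

    trusted maps relative path -> {algorithm: hex digest}; it is assumed
    to have been fetched over certificate-verified HTTPS beforehand.
    """
    root = Path(root)
    on_disk = {p.relative_to(root).as_posix(): p
               for p in root.rglob("*") if p.is_file()}
    report = {"mismatch": [], "missing": [], "unlisted": []}
    for rel, expected in trusted.items():
        if rel not in on_disk:
            report["missing"].append(rel)
            continue
        actual = local_digests(on_disk[rel], tuple(expected))
        # Every digest the server published must agree; no digests = fail.
        if not expected or any(actual[a] != expected[a].lower() for a in expected):
            report["mismatch"].append(rel)
    # Files the server never vouched for are reported, not ignored.
    report["unlisted"] = [rel for rel in on_disk if rel not in trusted]
    return {kind: sorted(paths) for kind, paths in report.items()}


def demo():
    """Constructed sample: one intact file, one altered, one injected."""
    good = b"PORTNAME=foo\n"
    with tempfile.TemporaryDirectory() as d:
        Path(d, "Makefile").write_bytes(good)
        Path(d, "distinfo").write_bytes(b"tampered\n")
        Path(d, "extra.sh").write_bytes(b"injected\n")
        digest = {"sha256": hashlib.sha256(good).hexdigest(),
                  "sha1": hashlib.sha1(good).hexdigest()}
        trusted = {"Makefile": digest, "distinfo": digest, "pkg-descr": digest}
        return verify_tree(d, trusted)
```

The report separates files whose content differs from files the mirror omitted and files the checksum server never listed, since a tampered mirror can add files as well as alter them.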



