Date: Tue, 27 Mar 2018 08:30:08 -0700 From: Conrad Meyer <cem@freebsd.org> To: Benjamin Kaduk <bjkfbsd@gmail.com> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers <src-committers@freebsd.org> Subject: Re: svn commit: r331618 - head/share/man/man7 Message-ID: <CAG6CVpWf5Vkz_ACsAOrzuPR9-4z8hR6ATxnePKpMuP_jLkvVRA@mail.gmail.com> In-Reply-To: <CAJ5_RoCNDvr5mh7%2B0Hp44zOOjJFqATNandSbomp8nmcSTGLbgQ@mail.gmail.com> References: <201803271451.w2REpJP9078197@repo.freebsd.org> <201803271457.w2REv6tH052497@pdx.rh.CN85.dnsmgr.net> <CAJ5_RoCNDvr5mh7%2B0Hp44zOOjJFqATNandSbomp8nmcSTGLbgQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thinking of the network as attacker-controlled is fine, but without the CA certificate database in ports, TLS provides neither data integrity nor confidentiality.[0] Even with certificate validation, it's unlikely that TLS provides meaningful confidentiality for svn.freebsd.org =E2=80=94 IP still exposes t= he server's address: $ host 8.8.178.107 107.178.8.8.in-addr.arpa domain name pointer svnmir.ysv.freebsd.org Even a naive network attacker can determine that you are interacting with a FreeBSD source mirror, and can determine the direction of the flow of information based on simple count of upload / download bytes. Best, Conrad P.S., we should probably ship a CA database in base. Maybe with an override version in ports to match our release model. But, base should be able to authenticate certificates out of the box. [0]: https://github.com/moxie0/sslsniff On Tue, Mar 27, 2018 at 8:01 AM, Benjamin Kaduk <bjkfbsd@gmail.com> wrote: > On Tue, Mar 27, 2018 at 9:57 AM, Rodney W. Grimes > <freebsd@pdx.rh.cn85.dnsmgr.net> wrote: >> >> > Author: trasz >> > Date: Tue Mar 27 14:51:19 2018 >> > New Revision: 331618 >> > URL: https://svnweb.freebsd.org/changeset/base/331618 >> > >> > Log: >> > Use https:// instead of http://. >> > >> > MFC after: 2 weeks >> > >> > Modified: >> > head/share/man/man7/development.7 >> > >> > Modified: head/share/man/man7/development.7 >> > >> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >> > --- head/share/man/man7/development.7 Tue Mar 27 14:50:12 2018 >> > (r331617) >> > +++ head/share/man/man7/development.7 Tue Mar 27 14:51:19 2018 >> > (r331618) >> > @@ -57,7 +57,7 @@ can be found at: >> > FreeBSD src development takes place in the CURRENT branch in >> > Subversion, >> > located at: >> > .Pp >> > -.Lk http://svn.FreeBSD.org/base/head >> > +.Lk https://svn.FreeBSD.org/base/head >> > .Pp >> > There is also a read-only GitHub mirror at: >> > .Pp >> >> Why do we want to run the load of TLS for what are public bits? >> And fyi a default install of FreeBSD can not use https, you have >> to install certs from ports before any of these https links >> can even work, and that can be a royal pita in some situations. > > > Many of us are used to thinking of the network as controlled by an attack= er. > Running http-not-s to fetch the sources lets "the attacker" supply an > arbitrary > collection of bits under the name FreeBSD without a good way for the user= to > check that the bits on their disk match what the FreeBSD Project expects > them to be. > TLS provides data integrity as well as confidentiality... > > -Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpWf5Vkz_ACsAOrzuPR9-4z8hR6ATxnePKpMuP_jLkvVRA>