Date: Wed, 14 Mar 2001 13:23:53 -0700 (MST) From: Nate Williams <nate@yogotech.com> To: Adrian Chadd <adrian@freebsd.org> Cc: Nate Williams <nate@yogotech.com>, freebsd-arch@freebsd.org Subject: Re: [PATCH] add a SITE MD5 command to ftpd Message-ID: <15023.54105.813938.948558@nomad.yogotech.com> In-Reply-To: <20010314212300.A2747@roaming.cacheboy.net> References: <20010314105918.A5204@roaming.cacheboy.net> <35525.984597779@critter> <20010314210758.A2405@roaming.cacheboy.net> <15023.53743.215996.538067@nomad.yogotech.com> <20010314212300.A2747@roaming.cacheboy.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I think everyone's is forgetting the 'real' reason for SITE-MD5. It's > > existance is not one of 'trust', but the reason to do this is because it > > allows the ports checker (and mirrors) to determine if a file has > > changed. Not whether or not it's trustable, not whether or not someone > > has hacked the server, but whether it has changed or not. > > I agree. the reasoning for me mentioning trust here is that it was the > basis for the entire irc discussion earlier on this (UTC+1) morning > as to why it was bad. > > Some people would say "use rsync!" :-) Except that also misses the point. If you can spoof MD5, you can spoof rsync just as easily. SITE-MD5 is an 'advisory' feature, and not a security feature. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15023.54105.813938.948558>