Date: Fri, 1 Jan 2021 09:08:57 -0500
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: grarpamp <grarpamp@gmail.com>
Cc: freebsd-current@freebsd.org
Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend
Message-ID: <20210101140857.x3hbci6c4nwi7gl7@mutt-hbsd>
In-Reply-To: <CAD2Ti2-dKMOx2-k71UyZs1kAGCXPuVwO9ee861oRFNV=aCfuqA@mail.gmail.com>
References: <20201218175241.GA72552@spindle.one-eyed-alien.net> <20201218182820.1P0tK%steffen@sdaoden.eu> <20201223023242.GG31099@funkthat.com> <20201223162417.v7Ce6%steffen@sdaoden.eu> <20201229011939.GU31099@funkthat.com> <20201229210454.Lh4y_%steffen@sdaoden.eu> <20201230004620.GB31099@funkthat.com> <CAD2Ti2-4xS5n0%2B1oLOHyFh4%2BOCnwtNAAwMkkWzwRVDnt-xmb1Q@mail.gmail.com> <20201231193908.GC31099@funkthat.com> <CAD2Ti2-dKMOx2-k71UyZs1kAGCXPuVwO9ee861oRFNV=aCfuqA@mail.gmail.com>

On Thu, Dec 31, 2020 at 09:25:08PM -0500, grarpamp wrote:
> > There is already HTTPS to protect the "authenticity" of the magnet
> > link.
>
> No. FreeBSD fails to publish signed fingerprints of their TLS pubkeys,
> therefore users can't pin them down, therefore any MITM can bypass
> CA game and MITM attack users at will, feed them bogus infohash,
> isos, git repo tofu, pkg, etc. MITM is bad, MITM is in use,
> and MITM fails when sig'd, verified, and pinned.

There's also nation states that require use of a nation state-owned
root CA cert so that they can MITM every single SSL/TLS connection.
Connections that don't use/support their custom trusted root cert are
either blocked or reported (or both).

In this case, MITM isn't theoretically broken, it's broken in
practice. And, it's broken in the worst case scenario: downloading
source code that the nation state can modify in-transit.

This is why I asked FreeBSD to provide anonymous read-only ssh://
support for git. I'm very grateful they support it. I also use it for
HardenedBSD's sync scripts due to my own distrust of browser-based
SSL/TLS PKI, even in the USA.

One thing that I need to do with the HardenedBSD infrastructure is
publish on our site the ssh pubkeys of the server (both RSA and
ed25519). I plan to do that sometime this coming week. I wonder if it
would be a good idea for FreeBSD to do the same (note: I'm not trying
to commit FreeBSD to do any work; I'm just spitballing ideas.)

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
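
The message above proposes publishing a server's ssh public keys so that clients can pin them. The following is an added example, not part of the original message and not code from FreeBSD or HardenedBSD: it checks an offered host key against a published fingerprint, using the same SHA256 fingerprint form that `ssh-keygen -l` prints. The host name, key bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def make_ed25519_line(raw32: bytes, host: str) -> str:
    """Build a constructed 'host keytype base64' line, as ssh-keyscan prints."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def fingerprint(line: str) -> tuple[str, str]:
    """Return (key type, SHA256 fingerprint) for one 'host keytype base64' line."""
    _host, declared, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was altered or is malformed.
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != declared:
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return declared, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(offered_line: str, published: dict[str, str]) -> bool:
    """True only if the offered key's fingerprint equals the published pin."""
    key_type, fp = fingerprint(offered_line)
    pinned = published.get(key_type)
    return pinned is not None and hmac.compare_digest(fp, pinned)


# Constructed sample data: neither key belongs to any real server.
GENUINE = make_ed25519_line(bytes(range(32)), "git.example.org")
SUBSTITUTED = make_ed25519_line(bytes(range(1, 33)), "git.example.org")
# Stand-in for the fingerprints a project would publish out of band.
PUBLISHED = {"ssh-ed25519": fingerprint(GENUINE)[1]}

if __name__ == "__main__":
    for label, line in (("genuine", GENUINE), ("substituted", SUBSTITUTED)):
        verdict = "OK" if check_host_key(line, PUBLISHED) else "MISMATCH"
        print(label, fingerprint(line)[1], verdict)
```

The pin is only as trustworthy as the channel it was obtained over, so the published fingerprints should themselves be signed or fetched by a path independent of the connection being checked.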
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210101140857.x3hbci6c4nwi7gl7>