From owner-freebsd-arch Wed Mar 14 12:24:47 2001 Delivered-To: freebsd-arch@freebsd.org Received: from elvis.mu.org (elvis.mu.org [207.154.226.10]) by hub.freebsd.org (Postfix) with ESMTP id 5397A37B719; Wed, 14 Mar 2001 12:24:42 -0800 (PST) (envelope-from billf@elvis.mu.org) Received: by elvis.mu.org (Postfix, from userid 1098) id C9D3D81D01; Wed, 14 Mar 2001 14:24:31 -0600 (CST) Date: Wed, 14 Mar 2001 14:24:31 -0600 From: Bill Fumerola To: John Baldwin Cc: Peter Pentchev , freebsd-arch@FreeBSD.org Subject: Re: [PATCH] add a SITE MD5 command to ftpd Message-ID: <20010314142431.P31752@elvis.mu.org> References: <20010314000351.N31752@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jhb@FreeBSD.org on Tue, Mar 13, 2001 at 10:27:10PM -0800 X-Operating-System: FreeBSD 4.2-FEARSOME-20010209 i386 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Mar 13, 2001 at 10:27:10PM -0800, John Baldwin wrote: > As Terry points out, however, this isn't secure, which makes it less useful > than first appears. His 2 questions at the end are good ones. Who would use it to mean "secure"? I'd want clients to use it to determine if they downloaded the file w/o error. Other things like fenner's scripts could use it to see if the file changed (which is pretty handy, as someone pointed out, for mirroring software). Any software author that did use it would have to realize that they'd have to take the server's answer with a truckload of salt. The only thing that is minorly unpleasant about this is how non-standard of a change it is. -- Bill Fumerola - security yahoo / Yahoo! inc. - fumerola@yahoo-inc.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message