From: Garrett Cooper
To: Warner Losh
Date: Fri, 5 Nov 2010 23:04:19 -0700
Cc: jpaetzel@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: txt-sysinstall scrapped

On Fri, Nov 5, 2010 at 10:06 PM, Warner Losh wrote:
>>     Just to add to that (because I do find it a novel idea), 1) how
>> are you going to properly prevent man in the middle attacks (SSL, TLS,
>> etc?), and 2) what webserver would you use?
>
> https or ssh.
>
> We're also toying with the idea of having a partition that you could
> 'dd' your certs and keys to (so any system can customize the image
> with keys to make sure you were talking to who you think you are).
> We'd just reserve 1MB of space on partition s3.  We'd then check to
> see if there was a tar ball.  If so, we'd extract it and do the
> intelligent thing with the keys we find there.

Wouldn't it be better just to go with a read-write media solution
(USB) like Matt Dillon was suggesting at today then? Then again,
determining the root device to date is still a bit kludgy isn't it?

>>     I bring up the former item because I wouldn't want my data going
>> unencrypted across any wire, and what BSD compatible web servers did
>> you guys have in store and who would maintain the server, and what
>> kinds of vulnerabilities would you be introducing by adding a service
>> which would be enabled by default at runtime?
>
> The web server would just be there at installation time.  You'd run it
> out of the ram disk and it would evaporate when the system reboots
> after it being installed.

Sure.

> Also, I'm not sure we even need to have to have a set of prompts.  If
> we do the web page right, we likely can just go directly to lynx...

Well...
I like the curl idea a lot more for this approach (esp because it
supports more protocols than just http and ftp, whereas lynx is
constrained to ftp and http for the most part), but having both
solutions is more heavyweight for the task than it probably should be.

Cheers,
-Garrett
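
Added example, not part of the original message and not FreeBSD installer code: one defensive way to do the "check to see if there was a tar ball" step quoted above, since whatever is found in the reserved region becomes trust material. The function name, the plain image file standing in for partition s3, and the uncompressed-tar assumption are all hypothetical.

```python
import io
import os
import tarfile

REGION_SIZE = 1024 * 1024   # the 1MB reserved region mentioned in the thread
USTAR_MAGIC_AT = 257        # offset of the "ustar" magic in a tar header block


def read_key_bundle(device_path, dest_dir):
    """Return names extracted from a tarball dd'ed onto the region, or []."""
    with open(device_path, "rb") as dev:
        region = dev.read(REGION_SIZE)
    # A region nobody wrote to has no tar header: nothing to install.
    if region[USTAR_MAGIC_AT:USTAR_MAGIC_AT + 5] != b"ustar":
        return []
    accepted = []
    try:
        # "r:" = uncompressed only (assumption: the bundle is a plain tar).
        with tarfile.open(fileobj=io.BytesIO(region), mode="r:") as tar:
            for member in tar:
                name = os.path.normpath(member.name)
                escapes = os.path.isabs(name) or name.split(os.sep)[0] == ".."
                # Keep plain files only: no links, devices or directories,
                # no names leaving dest_dir, no size beyond the region.
                if not member.isfile() or escapes or member.size > REGION_SIZE:
                    continue
                accepted.append((name, tar.extractfile(member).read()))
    except tarfile.TarError:
        return []   # fail closed: a bundle that does not parse installs nothing
    for name, data in accepted:
        target = os.path.join(dest_dir, name)
        os.makedirs(os.path.dirname(target), mode=0o700, exist_ok=True)
        # Key material is created owner-only.
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as out:
            out.write(data)
    return [name for name, _ in accepted]
```

Reading members through `extractfile()` instead of `extractall()` means archive-supplied links, ownership and modes are never applied to the installer's filesystem.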