Date: Fri, 8 Dec 2017 14:48:19 +0000
From: Igor Mozolevsky <mozolevsky@gmail.com>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, freebsd security <freebsd-security@freebsd.org>, "Dag-Erling Smørgrav" <des@des.no>, Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>, Gordon Tetlow <gordon@tetlows.org>, TJ Varghese <tj@tjvarghese.com>
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID: <CADWvR2iPfSUVAtoXQdgc2v7O9ssv+iTwjMOpaT09OAw0h7=QRg@mail.gmail.com>
In-Reply-To: <20171208142616.u56ntsf4zx5ns2ey@mutt-hbsd>
References: <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <24153.1512513836@critter.freebsd.dk> <1C30FE91-753A-47A4-9B33-481184F853E1@tetlows.org> <867etyzlad.fsf@desk.des.no> <1291.1512658230@critter.freebsd.dk> <2a8d9a0a-7a64-2dde-4e53-77ee52632846@tjvarghese.com> <3914.1512742033@critter.freebsd.dk> <20171208142616.u56ntsf4zx5ns2ey@mutt-hbsd>
On 8 December 2017 at 14:26, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

<snip>

> Please note that this is likely to be my only contribution to this
> thread.
>
> What if FreeBSD generated its own CA for use with critical
> infrastructure, like the svn repo.

<snip>

Nobody has yet offered a concrete threat model that requires such elaborate investment. So far as I can tell, the only two things people have mentioned are:

- abstract MITM bogeyman; or
- not wanting "the suits" learning one is using FreeBSD...

To me, both of the above sound more unjustifiably paranoid than reasonable, yet the people advocating the above want not only an investment in elaborate infrastructure, but also to waste computer cycles for crypto and network traffic for re-transmission of static data that is fully capable of getting cached, thereby reducing network/server load at the source.

Both Microsoft (unless you're running an MS-syndicated update server) and virtually every Linux distro require repeated downloads of the *same* data (due to HTTPS!) if you have more than one install (I am talking not just running a bunch of boxes but virtualised machines that people need to repeatedly create/destroy for whatever reason); that is sheer insanity from the NetOps perspective!

The "how do we know security updates are legitimate if they come down a mere HTTP" is answered by signing the updates themselves, rendering the S in the HTTPS redundant.

--
Igor M.
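The signed-update scheme the message argues for, as an added example that is not part of the original thread or of any FreeBSD tooling: a constructed Ed25519 key pair stands in for a project's pinned release key, the project signs a small manifest carrying the update's SHA-256 digest and a monotonically increasing serial, and the client verifies the bytes it received, whether they came over plain HTTP, HTTPS or a caching proxy. The serial check goes one step beyond the message and also rejects a replayed older (but genuinely signed) update.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is the statement the project signs for one update: a serial that
// must only ever grow, and the SHA-256 of the update bytes.
type Manifest struct {
	Serial uint64
	SHA256 [32]byte
}

// Encode renders the manifest as the exact bytes that get signed and verified.
func (m Manifest) Encode() []byte {
	return []byte(fmt.Sprintf("serial=%d\nsha256=%s\n", m.Serial, hex.EncodeToString(m.SHA256[:])))
}

// Sign produces the detached signature a project would publish beside the update.
func Sign(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.Encode())
}

// Verify checks a downloaded update against the pinned public key, the signed
// manifest, and the serial of the update already installed. The transport the
// bytes arrived over plays no part in the decision.
func Verify(pub ed25519.PublicKey, m Manifest, sig, update []byte, lastSerial uint64) error {
	if !ed25519.Verify(pub, m.Encode(), sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(update) != m.SHA256 {
		return errors.New("update bytes do not match signed digest")
	}
	if m.Serial <= lastSerial {
		return errors.New("stale update: serial not newer than installed")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed key pair for the demo
	update := []byte("constructed update payload, serial 2")
	m := Manifest{Serial: 2, SHA256: sha256.Sum256(update)}
	sig := Sign(priv, m)
	fmt.Println("genuine: ", Verify(pub, m, sig, update, 1))
	fmt.Println("tampered:", Verify(pub, m, sig, []byte("modified in transit"), 1))
	fmt.Println("replayed:", Verify(pub, m, sig, update, 2))
}
```

Signing as shown covers authenticity and integrity of cached or mirrored bytes; what it does not provide is confidentiality of which files a client fetches, which is a separate question from the one the message answers.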