From: Igor Mozolevsky
Date: Fri, 8 Dec 2017 14:48:19 +0000
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
To: Shawn Webb
Cc: Poul-Henning Kamp, freebsd security, Dag-Erling Smørgrav, Dewayne Geraghty, Gordon Tetlow, TJ Varghese
List-Id: Security issues [members-only posting] (freebsd-security@freebsd.org)

On 8 December 2017 at 14:26, Shawn Webb wrote:

> Please note that this is likely to be my only contribution to this
> thread.
>
> What if FreeBSD generated its own CA for use with critical
> infrastructure, like the svn repo.

Nobody has yet offered a concrete threat model that requires such elaborate investment.
So far as I can tell, the only two things people have mentioned are:

- abstract MITM bogeyman; or
- not wanting "the suits" learning one is using FreeBSD...

To me, both of the above sound more unjustifiably paranoid than reasonable, yet the people advocating the above want not only an investment in elaborate infrastructure, but also to waste computer cycles on crypto and network traffic on re-transmission of static data that is fully capable of being cached, thereby reducing network/server load at the source.

Both Microsoft (unless you're running an MS-syndicated update server) and virtually every Linux distro require repeated downloads of the *same* data (due to HTTPS!) if you have more than one install (I am talking not just about running a bunch of boxes but about virtualised machines that people need to repeatedly create/destroy for whatever reason); that is sheer insanity from the NetOps perspective!

The "how do we know security updates are legitimate if they come down mere HTTP" is answered by signing the updates themselves, rendering the S in HTTPS redundant.

-- 
Igor M.
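The signed-update scheme the message points to, as an added example that is not code from this thread or from FreeBSD's own update tooling: a publisher signs a small manifest with Ed25519, and the client verifies it against a pinned public key and then checks the payload hash, so the same bytes can arrive through any cache or mirror and any modification is still detected. The names Manifest, SignManifest and VerifyUpdate and the sample payload are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Manifest is a constructed stand-in for a release metadata file. Only this
// small record is signed; the (large, cacheable) payload is bound to it by hash.
type Manifest struct{ Name, Version, SHA256 string }

func (m Manifest) bytes() []byte {
	return []byte(m.Name + "\n" + m.Version + "\n" + m.SHA256 + "\n")
}

// SignManifest is run by the publisher, who alone holds the private key.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.bytes())
}

// VerifyUpdate runs on the client over bytes fetched via any transport (HTTP,
// cache, mirror): manifest signature against the pinned key, then payload hash.
// It proves origin and integrity only, not freshness or confidentiality.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig, payload []byte) error {
	if !ed25519.Verify(pub, m.bytes(), sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return fmt.Errorf("payload hash does not match manifest")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	payload := []byte("constructed update payload") // constructed sample
	sum := sha256.Sum256(payload)
	m := Manifest{Name: "example-update", Version: "1.0", SHA256: hex.EncodeToString(sum[:])}
	sig := SignManifest(priv, m)
	fmt.Println("genuine:", VerifyUpdate(pub, m, sig, payload))
	fmt.Println("tampered payload:", VerifyUpdate(pub, m, sig, []byte("modified in transit")))
	m.Version = "0.9" // an edited manifest no longer matches its signature
	fmt.Println("edited manifest:", VerifyUpdate(pub, m, sig, payload))
}
```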