From owner-freebsd-security@freebsd.org Sun Dec 10 23:15:17 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 46253EA0D30 for ; Sun, 10 Dec 2017 23:15:17 +0000 (UTC) (envelope-from phk@critter.freebsd.dk) Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222]) by mx1.freebsd.org (Postfix) with ESMTP id 053E167EBE for ; Sun, 10 Dec 2017 23:15:16 +0000 (UTC) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (unknown [192.168.55.3]) by phk.freebsd.dk (Postfix) with ESMTP id 984F62737A; Sun, 10 Dec 2017 23:15:12 +0000 (UTC) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.15.2/8.15.2) with ESMTPS id vBANEuXu099307 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 10 Dec 2017 23:14:56 GMT (envelope-from phk@critter.freebsd.dk) Received: (from phk@localhost) by critter.freebsd.dk (8.15.2/8.15.2/Submit) id vBANEs0E099306; Sun, 10 Dec 2017 23:14:54 GMT (envelope-from phk) To: John-Mark Gurney cc: Michelle Sullivan , Yuri , RW , Igor Mozolevsky , freebsd security Subject: Re: http subversion URLs should be discontinued in favor of https URLs In-reply-to: <20171210225326.GK5901@funkthat.com> From: "Poul-Henning Kamp" References: <20171205231845.5028d01d@gumby.homeunix.com> <20171210173222.GF5901@funkthat.com> <5c810101-9092-7665-d623-275c15d4612b@rawbw.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com> <5A2DB80D.3020309@sorbs.net> <20171210225326.GK5901@funkthat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <99304.1512947694.1@critter.freebsd.dk> Date: Sun, 10 Dec 2017 23:14:54 +0000 Message-ID: <99305.1512947694@critter.freebsd.dk> X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Dec 2017 23:15:17 -0000 -------- In message <20171210225326.GK5901@funkthat.com>, John-Mark Gurney writes: >IMO, all security needs to be node-to-node. There's nothing "IMO" about that. The end-to-end principle became a bed-rock foundation of all rational networking with "End to End Arguments in System Design" in 1981. http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf The only realistic way for the FreeBSD project to implement end-to-end trust, is HTTPS with a self-signed cert, distributed and verified using the projects PGP-trust-mesh and strong social network. Anything else is just pretend-security today. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.