Date: Wed, 9 Oct 2002 14:34:48 -0700 (PDT)
From: Mike Hoskins <mike@adept.org>
To: security@FreeBSD.ORG
Subject: md5 checksum server
Message-ID: <20021009142623.Q88247-100000@fubar.adept.org>
In-Reply-To: <20021009203501.GA67010@carbon.berkeley.netdot.net>

On Wed, 9 Oct 2002, Nicholas Esborn wrote:

> A common method for verifying distfiles against separately administrated
> checksums would be very useful. I like the checksum server idea.

This wouldn't be hard. Write a script that grabs the MD5 checksums from the ports collection (on a server that's trusted and up to date) and turns the MD5 sums into TXT records in a md5.somedomain.com DNS zone. Then people can issue queries like sendmail.a.b.c.md5.somedomain.com and get the MD5 sum returned for sendmail version a.b.c. Think portsdb.org, but for md5 sums instead of TCP and UDP ports.

As for how useful this really is... Well, is it any harder to grab the MD5 sum from the vendor and compare yourself vs. doing a DNS lookup? Probably not. Also, while the vendor sites/sums can certainly be compromised, some would argue adding a third-party source for the sums just creates another attack vector.
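
The publishing script and the client-side comparison sketched in the message above, as an added Python example (not code from the original thread or from FreeBSD). It assumes the `MD5 (file) = sum` distinfo line format and a name mapping that strips the archive suffix; `SUFFIXES`, the function names and the sample data are constructed for illustration, and the DNS query itself is left to the resolver.

```python
import hashlib
import hmac
import re

ZONE = "md5.somedomain.com"  # zone name from the message
MD5_LINE = re.compile(r"^MD5 \((?P<file>[^)]+)\) = (?P<sum>[0-9a-f]{32})$")
SUFFIXES = (".tar.gz", ".tar.bz2", ".tgz", ".zip")  # assumed distfile suffixes
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def parse_distinfo(text):
    """Return {distfile: md5hex} from 'MD5 (file) = sum' lines."""
    found = (MD5_LINE.match(line.strip()) for line in text.splitlines())
    return {m["file"]: m["sum"] for m in found if m}

def owner_name(distfile, zone=ZONE):
    """Map 'sendmail.8.12.6.tar.gz' to 'sendmail.8.12.6.<zone>.', else None."""
    base = distfile.lower()
    for suffix in SUFFIXES:
        if base.endswith(suffix):
            base = base[: -len(suffix)]
            break
    # Plain DNS labels only: a hostile file name must not inject zone-file syntax.
    if not all(LABEL.match(label) for label in base.split(".")):
        return None
    return f"{base}.{zone}."

def zone_records(distinfo_text, zone=ZONE):
    """Render one TXT record per distfile whose name maps cleanly."""
    records = []
    for distfile, md5sum in sorted(parse_distinfo(distinfo_text).items()):
        name = owner_name(distfile, zone)
        if name:
            records.append(f'{name} IN TXT "{md5sum}"')
    return records

def matches_txt(data, txt_value):
    """Client side: compare downloaded bytes with the TXT answer."""
    published = txt_value.strip().strip('"').lower()
    return hmac.compare_digest(hashlib.md5(data).hexdigest(), published)

# Constructed sample: stand-in bytes and a distinfo built from them.
SAMPLE_DATA = b"constructed stand-in for sendmail.8.12.6.tar.gz"
SAMPLE_DISTINFO = (
    f"MD5 (sendmail.8.12.6.tar.gz) = {hashlib.md5(SAMPLE_DATA).hexdigest()}\n"
    "MD5 (bad name$ORIGIN.tar.gz) = " + "0" * 32 + "\n"
)

if __name__ == "__main__":
    print("\n".join(zone_records(SAMPLE_DISTINFO)))
```

The second sample line is dropped from the zone output because its file name does not map to valid DNS labels.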