Date:      Mon, 6 May 2002 15:01:03 -0700 (PDT)
From:      Jason Stone <jason-fbsd-security@shalott.net>
To:        <security@freebsd.org>
Subject:   Re: cvsup/install over ssh?
Message-ID:  <20020506144118.D6630-100000@walter>
In-Reply-To: <20020506231634.A33284@energyhq.homeip.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> > Why doesn't cvsup have the option to be encrypted via ssh like
> > anoncvs does?
>
> IMHO nonsense, no sensitive data is exchanged between client and
> server.

> Hmmkay, let me get this straight, you want to encrypt an anon ftp
> session? And the purpose would be?

1) Encryption provides more than privacy - it also provides authenticity.
Other package management systems (eg, rpm, dpkg) allow for pgp-signing
each binary package.  Using ssl certs to set up the connection to the
cvsup server would provide similar authenticity functionality to cvsup'ed
source upgrades.

Note that if you're worried about burning too much cpu, it would be
sufficient to use the equivalent of ssh v2 with a null cipher - ie, to
just do per-packet MAC'ing and not actually encrypt the packet payloads.

2) People use cvsup for more than just freebsd sources - it's a generally
useful tool.

I was using cvsup as part of website publication some time ago - I just
proxied it over a stunnel and it worked okay.  Maybe we can run cvsup
behind a stunnel on one of the official cvsup mirrors?


 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet.  Here's what I worry about.  I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE81v0gswXMWWtptckRAspkAJwKmSRMs/VpqnoLbgisZ9qLfXHUuACfTlA4
Zqoxeezz+oiWM6cPT0siwEE=
=l4vD
-----END PGP SIGNATURE-----
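
The integrity-only transport suggested in point 1 of the message (per-packet MAC, payload left unencrypted), as an added example that is not part of the original message and is not cvsup or ssh code. The class name, packet framing, sample payloads and fixed key are assumptions made for illustration; SSH-2 derives its MAC keys from a key exchange and uses its own packet format.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag

class MacOnlyChannel:
    """One direction of an authenticated but unencrypted packet stream."""
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0  # implicit packet counter, never sent on the wire

    def _tag(self, payload: bytes) -> bytes:
        # The MAC covers the sequence number and length as well as the
        # payload, so replayed, reordered or truncated packets fail.
        header = struct.pack(">QI", self.seq, len(payload))
        return hmac.new(self.key, header + payload, hashlib.sha256).digest()

    def seal(self, payload: bytes) -> bytes:
        packet = struct.pack(">I", len(payload)) + payload + self._tag(payload)
        self.seq += 1
        return packet

    def open(self, packet: bytes) -> bytes:
        if len(packet) < 4 + TAG_LEN:
            raise ValueError("short packet")
        (length,) = struct.unpack(">I", packet[:4])
        if len(packet) != 4 + length + TAG_LEN:
            raise ValueError("length field does not match packet size")
        payload, tag = packet[4:4 + length], packet[4 + length:]
        if not hmac.compare_digest(tag, self._tag(payload)):
            raise ValueError("MAC check failed")
        self.seq += 1  # advance only after a packet verifies
        return payload

def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-one"  # stands in for a negotiated key
    sender, receiver = MacOnlyChannel(key), MacOnlyChannel(key)
    p1 = sender.seal(b"file src/foo.c")      # constructed sample payloads
    p2 = sender.seal(b"delta: +int x;")
    out = {"cleartext_visible": b"src/foo.c" in p1, "first": receiver.open(p1)}
    tampered = p2.replace(b"+int x;", b"+int y;")  # in-transit modification
    for name, pkt in (("tampered", tampered), ("replayed", p1)):
        try:
            receiver.open(pkt)
            out[name] = "accepted"
        except ValueError:
            out[name] = "rejected"
    out["second"] = receiver.open(p2)  # the genuine packet still verifies
    return out
```

The payload is readable on the wire, so this gives no privacy, only detection of modified, replayed or out-of-order packets between two parties that already share an authenticated key.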

