From owner-freebsd-arch Thu Mar 15 10:50:56 2001 Delivered-To: freebsd-arch@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 23FD637B718 for ; Thu, 15 Mar 2001 10:50:52 -0800 (PST) (envelope-from nate@yogotech.com) Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id LAA10000; Thu, 15 Mar 2001 11:50:46 -0700 (MST) (envelope-from nate@nomad.yogotech.com) Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id LAA05535; Thu, 15 Mar 2001 11:50:45 -0700 (MST) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15025.3845.13790.411778@nomad.yogotech.com> Date: Thu, 15 Mar 2001 11:50:45 -0700 (MST) To: Terry Lambert Cc: brooks@one-eyed-alien.net (Brooks Davis), roam@orbitel.bg (Peter Pentchev), freebsd-arch@FreeBSD.ORG Subject: Re: [PATCH] add a SITE MD5 command to ftpd In-Reply-To: <200103150439.VAA01217@usr05.primenet.com> References: <20010314161555.A4984@Odin.AC.HMC.Edu> <200103150439.VAA01217@usr05.primenet.com> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > This is a reasionable objection to the implemention in question, but not > > to the concept as a whole. If you just cache the MD5 and the mtime at > > the time of the MD5 you only pay for files that have never been MD5ed > > or have changed since you last MD5ed them. You could easily cache them > > either in files the ftp server ignores like .md5. or in a > > shared cache file. Neither would be all that difficult to implement. > > The VFS option someone else mentioned could work the same way except > > being more efficent. > > I suggested both of these (see other posts). > > > > I'm frankly, completly mystified by the various comments about this not > > being a security feature. Of course it's not. That's blindly obvious. > > I've always taken it as a security feature. The client MD5 matching *is* a security features. SITE-MD5 on an ftp/http server is not, because the client is doing the security for us. At the remote site, it's an 'optimization' to avoid having to download a file that isn't going to match anyway. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message