From owner-freebsd-security Tue May 7 12:55:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 683A037B404 for ; Tue, 7 May 2002 12:55:41 -0700 (PDT) Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1]) by khavrinen.lcs.mit.edu (8.12.3/8.12.3) with ESMTP id g47JteEN077795; Tue, 7 May 2002 15:55:40 -0400 (EDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.12.3/8.12.3/Submit) id g47Jtedk077792; Tue, 7 May 2002 15:55:40 -0400 (EDT) Date: Tue, 7 May 2002 15:55:40 -0400 (EDT) From: Garrett Wollman Message-Id: <200205071955.g47Jtedk077792@khavrinen.lcs.mit.edu> To: "Karsten W. Rohrbach" Cc: security@FreeBSD.ORG Subject: ports signing, Was: cvsup/install over ssh? In-Reply-To: <20020507144833.L15411@mail.webmonster.de> References: <20020507144833.L15411@mail.webmonster.de> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org < said: > on a high-volume download site i wouldn't even think about implementing > payload signing/encryption on the network layer. the cost of cpu cycles > in such an environment is much too high. as hardware gets faster and > cheaper, it might become reality. Speaking as a mirror operator, I have absolutely no interest whatsoever in doing so. > perhaps someday, there will be tokens and configuration info available > for ftp.freebsd.org, but what about the mirrors? There is a research group in our Lab who are working on solving this problem for the general case of certifying distributed replicas of public data. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message