From: Dag-Erling Smørgrav
To: "Poul-Henning Kamp"
Cc: John-Mark Gurney, Yuri, RW, Michelle Sullivan, Igor Mozolevsky, freebsd security
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
Date: Tue, 12 Dec 2017 13:06:58 +0100

"Poul-Henning Kamp" writes:
> The only realistic way for the FreeBSD project to implement end-to-end
> trust, is HTTPS with a self-signed cert, distributed and verified
> using the project's PGP-trust-mesh and strong social network.

Your suggestion does not remove implicit and possibly misplaced trust,
it just moves it from one place to another. Instead of trusting a
certificate authority and DNS, you trust the source of the public key,
and probably also DNS.

As always, it boils down to a) key distribution is hard and b) what's
your threat model?

DES
-- 
Dag-Erling Smørgrav - des@des.no