Date: Fri, 2 Jan 2009 20:30:02 +0100
From: cpghost
To: Wojciech Puchar
Cc: freebsd-questions@freebsd.org
Subject: Re: Foiling MITM attacks on source and ports trees

On Fri, Jan 02, 2009 at 08:04:10PM +0100, Wojciech Puchar wrote:
> > It's a beginning for sure. I assume (403 error) Max generates and
> > saves digests on his snapshots and the verification script does the
> > same locally and simply compares both lists.
>
> it's plain paranoia. Yes such attacks are possible but usually there are 100
> other ways to compromise your systems.
>
> if one really cares then make your VPN for all your computers, use one that
> is unknown for others to download portsnap etc. and then use rsync to
> populate it to other machines.

I'm already getting the files from one location and disseminating them via
rsync-over-SSH-over-VPNs to the server farms. But the problem is the initial
download from a cvsup mirror. That's the one I'm really concerned with.

Note that I'm not concerned (all too much) with the integrity of the cvsup
mirrors themselves (I trust cvsup server admins to take proper precautions
against MITM between themselves and the master server, right guys?), but
with the integrity of the TCP connection of random clients to those mirrors.

That's the weakest link in the security chain, and I hope we can find a way
to strengthen it.

Thanks,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
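
The digest-list comparison mentioned in the quoted text, sketched as an added example that is not part of the original thread and is not the verification script it refers to. The function names are hypothetical, the sample trees are constructed, and the check only helps if the reference manifest reaches the client over an authenticated channel (for example SSH or a signed file) rather than the same unauthenticated TCP connection as the tree.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                # Hash in chunks so large distfiles do not sit in memory.
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = h.hexdigest()
    return manifest


def compare_manifests(reference, local):
    """Return (missing, extra, modified) path lists for local vs. reference."""
    missing = sorted(set(reference) - set(local))
    extra = sorted(set(local) - set(reference))
    modified = sorted(p for p in set(reference) & set(local)
                      if reference[p] != local[p])
    return missing, extra, modified


def demo():
    """Constructed sample: a reference tree and a local copy that differs."""
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as loc:
        for root in (ref, loc):
            os.makedirs(os.path.join(root, "ports", "www", "demo"))
            with open(os.path.join(root, "ports", "www", "demo", "Makefile"), "w") as fh:
                fh.write("PORTNAME=demo\n")
        # The local copy was changed somewhere between mirror and client.
        with open(os.path.join(loc, "ports", "www", "demo", "Makefile"), "a") as fh:
            fh.write("# altered in transit\n")
        with open(os.path.join(loc, "ports", "www", "demo", "extra.sh"), "w") as fh:
            fh.write("#!/bin/sh\n")
        return compare_manifests(build_manifest(ref), build_manifest(loc))


if __name__ == "__main__":
    print(demo())
```

Any non-empty list in the result means the local tree does not match what the reference side hashed and should not be distributed further.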