From owner-freebsd-security@freebsd.org Tue Dec 12 18:09:33 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C465AEA0FB4 for ; Tue, 12 Dec 2017 18:09:33 +0000 (UTC) (envelope-from bakul@bitblocks.com) Received: from mail.bitblocks.com (ns1.bitblocks.com [173.228.5.8]) by mx1.freebsd.org (Postfix) with ESMTP id A2FB668E77 for ; Tue, 12 Dec 2017 18:09:33 +0000 (UTC) (envelope-from bakul@bitblocks.com) Received: from bitblocks.com (localhost [127.0.0.1]) by mail.bitblocks.com (Postfix) with ESMTP id 9F19D156E523; Tue, 12 Dec 2017 10:00:06 -0800 (PST) From: Bakul Shah To: "Poul-Henning Kamp" cc: Karl Denninger , freebsd-security@freebsd.org Subject: Re: http subversion URLs should be discontinued in favor of https URLs In-reply-to: Your message of "Tue, 12 Dec 2017 14:28:08 +0000." <26440.1513088888@critter.freebsd.dk> References: <20171205231845.5028d01d@gumby.homeunix.com> <20171210173222.GF5901@funkthat.com> <5c810101-9092-7665-d623-275c15d4612b@rawbw.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com> <5A2DB80D.3020309@sorbs.net> <20171210225326.GK5901@funkthat.com> <99305.1512947694@critter.freebsd.dk> <86d13kgnfh.fsf@desk.des.no> <79567.1513083576@critter.freebsd.dk> <26440.1513088888@critter.freebsd.dk> Comments: In-reply-to "Poul-Henning Kamp" message dated "Tue, 12 Dec 2017 14:28:08 +0000." MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <58811.1513101606.1@bitblocks.com> Content-Transfer-Encoding: quoted-printable Date: Tue, 12 Dec 2017 10:00:06 -0800 Message-Id: <20171212180021.9F19D156E523@mail.bitblocks.com> X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 18:09:33 -0000 On Tue, 12 Dec 2017 14:28:08 +0000 "Poul-Henning Kamp" wrote: > = > For the FreeBSD SVN tree, this could almost be as simple as posting > an email, maybe once a week, with the exact revision checked out > and the PGP signed output of: > = > svn co ... && find ... -print | sort | xargs cat | sha256 > = > Such an archive would also be invaluable for reauthenticating in > case, somebody ever manages to do something evil to our repo. Sort of a public ledger. I have a vague memory of some project *publishing* a crypto fingerprint of a collection of documents in a well-known newspaper.... I think it was this one: https://www.technologyreview.com/s/402961/fingerprinting-your-files/ Computing hashes of hashes is also the basis of a secure timestamp service invented by Stuart Haber and Scott Stornetta while the two were at Bellcore in 1990. The service, called Surety, makes it possible to generate a cryptographically secure and unforgeable proof that a given document, photograph, or other file existed at a particular time on a particular date and that it hasnt been changed since. The Surety technique works by computing a hash tree based on the hash codes of every document being time-stamped. The root of the tree is then published in a well-known locationit could, for example, be printed in a classified advertisement in the New York Times. You can prove that your document existed on the day in question by showing that your documents fingerprint was needed to generate the fingerprint-of-fingerprints that appeared in the newspaper. Nowadays can you even trust NYT?!