From owner-freebsd-questions@FreeBSD.ORG Sat Jan 3 00:20:38 2009
Date: Sat, 3 Jan 2009 01:20:36 +0100
From: cpghost <cpghost@cordula.ws>
To: Wojciech Puchar
Cc: freebsd-questions@freebsd.org
Subject: Re: Foiling MITM attacks on source and ports trees
Message-ID: <20090103002036.GA95076@phenom.cordula.ws>
In-Reply-To: <20090102225246.C39956@wojtek.tensor.gdynia.pl>
References: <20090102164412.GA1258@phenom.cordula.ws> <20090102180524.GA1742@phenom.cordula.ws> <20090102200221.K39573@wojtek.tensor.gdynia.pl> <20090102193002.GA72103@phenom.cordula.ws> <20090102225246.C39956@wojtek.tensor.gdynia.pl>

On Fri, Jan 02, 2009 at 10:53:29PM +0100, Wojciech Puchar wrote:
> >> other ways to compromise your systems.
> >>
> >> if one really cares then make your VPN for all your computers, use one that
> >> is unknown to others to download portsnap etc. and then use rsync to
> >> populate it to other machines.
> >
> > I'm already getting the files from one location and disseminate
> > them via rsync-over-SSH-over-VPNs to the server farms. But the
> > problem is the initial download from a cvsup mirror. That's the
> > one I'm really concerned with.
>
> just use a widely-"unknown" computer like your private one, even better -
> something that has a dynamic IP :)

You wouldn't log in to your bank and rely on the assumption that your
connection is NOT being actively monitored and that data could
potentially be modified en route. That's why such connections are
always SSL-encoded, and why iTANs and other means are being used: the
underlying TCP connection is ASSUMED to be insecure by default, and
that is prudent to do.

As an example: many UK users were surprised a little while ago to
learn that their traffic was potentially being filtered by big
transparent proxies, when some watchdog organisation required their
ISPs to do so:

http://en.wikipedia.org/wiki/Internet_Watch_Foundation_and_Wikipedia

If this is technically possible (and it is), then you want a way to
know that the sources you've downloaded in your country ARE actually
the sources that are on the mirror or master sites, and have not been
modified on-the-fly by similar technology. This is important, really
important, and not only for individuals, but also for companies that
want to avoid industrial espionage and some such. It's also vital for
individuals in countries with repressive regimes that want to
routinely spy on their Internet users.

That's why signed trusted lists of digests are needed: basically, you
can't rely on the ISPs NOT to interfere with your traffic (and it
doesn't matter if they're compelled by law to do it, or if they or
some interloper did it illegally). It's a matter of being confident
that what you've downloaded was actually also what you've asked for. ;)

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
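One shape the check argued for in the message above can take, as an added example (not code from the list, its participants or FreeBSD): compare a downloaded tree against a trusted sha256 digest list, assuming the list itself has already been authenticated out-of-band (for instance by checking its detached signature against a key not fetched over the same connection). The `demo()` builds a constructed two-file tree, then alters one file, drops one and injects one, which is what an in-path modification of a mirror download looks like to the verifier.

```python
import hashlib
import os
import tempfile

# Added example, not FreeBSD's own tooling. Manifest lines follow sha256sum-style
# output: "<hex digest>  <relative path>". The manifest is assumed to be already
# authenticated (detached signature checked against an out-of-band key); this
# code only answers: did the mirror deliver exactly what the trusted list says?

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def parse_manifest(text):
    entries = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, _, rel = line.partition("  ")
            if len(digest) != 64 or not rel:
                raise ValueError("malformed manifest line: %r" % line)
            entries[rel] = digest.lower()
    return entries

def verify_tree(manifest_text, root):
    """Sorted lists: ok, modified, missing (listed but absent), unlisted (present
    but not listed). Only empty modified/missing/unlisted counts as a pass."""
    expected = parse_manifest(manifest_text)
    found = {os.path.relpath(os.path.join(d, n), root).replace(os.sep, "/")
             for d, _, names in os.walk(root) for n in names}
    res = {"ok": [], "modified": [], "missing": [],
           "unlisted": sorted(found - set(expected))}
    for rel, digest in sorted(expected.items()):
        if rel not in found:
            res["missing"].append(rel)
        elif sha256_of(os.path.join(root, rel)) == digest:
            res["ok"].append(rel)
        else:
            res["modified"].append(rel)
    return res

def demo():
    """Constructed download: two files, then one altered, one dropped, one injected."""
    root = tempfile.mkdtemp()
    files = {"src/sys/kern/init_main.c": b"int main(void) { return 0; }\n",
             "ports/Makefile": b"SUBDIR= editors\n"}
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        open(os.path.join(root, rel), "wb").write(data)
    manifest = "".join("%s  %s\n" % (sha256_of(os.path.join(root, r)), r) for r in files)
    open(os.path.join(root, "ports/Makefile"), "ab").write(b"# altered in transit\n")
    os.remove(os.path.join(root, "src/sys/kern/init_main.c"))
    open(os.path.join(root, "ports/extra.sh"), "wb").write(b"#!/bin/sh\n")
    return verify_tree(manifest, root)
```

Any non-empty `modified`, `missing` or `unlisted` list means the tree should be discarded and re-fetched, ideally from a different path, rather than built.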