Date: Wed, 2 Sep 2020 21:56:19 -0400 From: grarpamp <grarpamp@gmail.com> To: freebsd-security@freebsd.org Cc: shawn.webb@hardenedbsd.org, Ed Maste <emaste@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org>, freebsd-git@freebsd.org Subject: Where's the fingerprints and sigs? (was: Please check the current beta git conversions) Message-ID: <CAD2Ti28U5SLZP7__R0j33Ri5_QLsO-Q4yaq2Krm9r-wJTtNS=A@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
On 9/1/20, Shawn Webb <shawn.webb@hardenedbsd.org> wrote: > I'm curious if there's any plans for read-only access over ssh. > Trusting FreeBSD's ssh key material is likely easier than trusting > HTTPS in certain regions. A bit moot when such key materials of all services, and repos, and ticketing, and reviews, and builds, and downloads, and packages, forums, and git hashtree initialization first hashes, and pubkey modulus not just the larger DER's by untrusted/attacking CA's, etc... are all not sha-256 fingerprint signed and attested to in a base included textfile, in repo and on website, etc by security officer keys having good WoT... for users to reference, import, validate, pin down, etc. And tools for accessing such services often not have fingerprint pinning options. Woes be to those using such untrustable massively MITM'd and spied upon networks as the Internet, Workplace, Home, Travel, VPN, WiFi, Tor Exits, etc not having any way to authenticate fingerprints and pin such services back to their favorite OS project's security apostille office yet. Security vaunted OpenBSD still serves up via cleartext non-hashtree anoncvs on non-ecc harware on non-zfs-skein filesystems etc... So the BSD world must still be thought secure, bit integral, and trustably accessible without any of these infrastructure tool fingerprint sig and pin basics... still no need to supply them since decades since TLS/SSH/etc were deployed... Right? Not. Cheers all :) [Same for Linux ;]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD2Ti28U5SLZP7__R0j33Ri5_QLsO-Q4yaq2Krm9r-wJTtNS=A>