From owner-freebsd-questions@FreeBSD.ORG  Sat Jan  3 18:44:42 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6BA8E106564A
	for <freebsd-questions@freebsd.org>;
	Sat,  3 Jan 2009 18:44:42 +0000 (UTC)
	(envelope-from cpghost@cordula.ws)
Received: from fw.farid-hajji.net (fw.farid-hajji.net [213.146.115.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 8BC618FC14
	for <freebsd-questions@freebsd.org>;
	Sat,  3 Jan 2009 18:44:41 +0000 (UTC)
	(envelope-from cpghost@cordula.ws)
Received: from phenom.cordula.ws (phenom [192.168.254.60])
	by fw.farid-hajji.net (Postfix) with ESMTP id F149B36813;
	Sat,  3 Jan 2009 19:44:38 +0100 (CET)
Date: Sat, 3 Jan 2009 19:46:59 +0100
From: cpghost <cpghost@cordula.ws>
To: RW <rwmaillists@googlemail.com>
Message-ID: <20090103184659.GB1253@phenom.cordula.ws>
References: <20090102164412.GA1258@phenom.cordula.ws>
	<495E4F24.80209@unsane.co.uk>
	<20090103013825.18910bf5@gumby.homeunix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20090103013825.18910bf5@gumby.homeunix.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: freebsd-questions@freebsd.org
Subject: Re: Foiling MITM attacks on source and ports trees
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jan 2009 18:44:42 -0000

On Sat, Jan 03, 2009 at 01:38:25AM +0000, RW wrote:
> On Fri, 02 Jan 2009 17:30:12 +0000
> Vincent Hoffman <vince@unsane.co.uk> wrote:
> > Admittedly this doesn't give a file by file checksum
> 
> That's not really a problem, it's no easier to create a collision
> in a .gz file than a patch file. 
> 
> The more substantial weakness is that the key is verified against a
> hash stored on the original installation media. If someone went to the
> trouble of diverting dns or routing to create a fake FreeBSD site they
> would presumably make it self-consistent down to the ISO checksums.

That's why I suggested that the list of checksums be digitally signed
by a private key belonging to The FreeBSD Project. It is assumed that
getting the corresponding public key would be possible by other means
not susceptible to MITM attacks (e.g. through endless replication all
over the net, fingerprint in books etc...).

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/