From: Conrad Meyer
Date: Tue, 27 Mar 2018 08:30:08 -0700
Subject: Re: svn commit: r331618 - head/share/man/man7
To: Benjamin Kaduk
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers

Thinking of the network as attacker-controlled is fine, but without
the CA certificate database in ports, TLS provides neither data
integrity nor confidentiality.[0]

Even with certificate validation, it's unlikely that TLS provides
meaningful confidentiality for svn.freebsd.org — IP still exposes the
server's address:

$ host 8.8.178.107
107.178.8.8.in-addr.arpa domain name pointer svnmir.ysv.freebsd.org

Even a naive network attacker can determine that you are interacting
with a FreeBSD source mirror, and can determine the direction of the
flow of information based on simple count of upload / download bytes.

Best,
Conrad

P.S., we should probably ship a CA database in base. Maybe with an
override version in ports to match our release model. But, base
should be able to authenticate certificates out of the box.

[0]: https://github.com/moxie0/sslsniff

On Tue, Mar 27, 2018 at 8:01 AM, Benjamin Kaduk wrote:
> On Tue, Mar 27, 2018 at 9:57 AM, Rodney W. Grimes
> wrote:
>>
>> > Author: trasz
>> > Date: Tue Mar 27 14:51:19 2018
>> > New Revision: 331618
>> > URL: https://svnweb.freebsd.org/changeset/base/331618
>> >
>> > Log:
>> > Use https:// instead of http://.
>> >
>> > MFC after: 2 weeks
>> >
>> > Modified:
>> > head/share/man/man7/development.7
>> >
>> > Modified: head/share/man/man7/development.7
>> >
>> > ==============================================================================
>> > --- head/share/man/man7/development.7 Tue Mar 27 14:50:12 2018
>> > (r331617)
>> > +++ head/share/man/man7/development.7 Tue Mar 27 14:51:19 2018
>> > (r331618)
>> > @@ -57,7 +57,7 @@ can be found at:
>> > FreeBSD src development takes place in the CURRENT branch in
>> > Subversion,
>> > located at:
>> > .Pp
>> > -.Lk http://svn.FreeBSD.org/base/head
>> > +.Lk https://svn.FreeBSD.org/base/head
>> > .Pp
>> > There is also a read-only GitHub mirror at:
>> > .Pp
>>
>> Why do we want to run the load of TLS for what are public bits?
>> And fyi a default install of FreeBSD can not use https, you have
>> to install certs from ports before any of these https links
>> can even work, and that can be a royal pita in some situations.
>
>
> Many of us are used to thinking of the network as controlled by an attacker.
> Running http-not-s to fetch the sources lets "the attacker" supply an
> arbitrary
> collection of bits under the name FreeBSD without a good way for the user to
> check that the bits on their disk match what the FreeBSD Project expects
> them to be.
> TLS provides data integrity as well as confidentiality...
>
> -Ben
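
Review bot: Missing documentation at the `+.Lk https://svn.FreeBSD.org/base/head` line of the `@@ -57,7 +57,7 @@` hunk: development.7 now sends readers to an HTTPS URL but does not say what is needed for its certificate to be verified. As raised in this thread, a default install has no CA certificates until they are installed from ports, so a reader following the link either gets a verification failure or accepts the certificate unverified, which gives no more integrity than the old http:// URL. Suggest adding a sentence after the `.Pp` that follows the link stating that the CA certificate bundle must be installed first. The log message "Use https:// instead of http://." could also state the reason for the switch, since the follow-ups had to ask for it.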