Date: Sat, 19 Sep 2015 01:44:36 +0800
From: Alastair Hogge
To: "William A. Mahaffey III"
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: HTTPS on freebsd.org, git, reproducible builds

On 2015-09-18 Fri 09:09:05 +0000 William A. Mahaffey III wrote:
> On 09/18/15 08:47, Daniel DP. Plominski wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > well, encryption does not cost much, most mobile devices are now fast enough
> > for IP obfuscation there vpn providers or anonymity networks like Tor
> >
> > you should look for "when leaken metadata", customized Firefox
> > versions like the "torbundle" package or FreeBSD features such as:
> > disabled tcp timestamp, activated net.inet.ip.stealth etc.
> >
> > may be that the most information are not critical of freebsd.org
> > on a page about political commitment, however, twice what you click on
> >
> > in the post snowden/nsa area, i think it is not heard now de rigueur,
> > but should be compulsory
>
> Where is that 'net.inet.ip.stealth' setting ? I didn't find it in my
> /etc/defaults/rc.conf file ....

What about:

$ sysctl -d net.inet.ip.stealth
net.inet.ip.stealth: IP stealth mode, no TTL decrementation on forwarding
$ sysctl -d net.inet.ip.random_id
net.inet.ip.random_id: Assign random ip_id values

Add them to /etc/sysctl.conf

To good health

-- 
The liberals can understand everything but people who don't understand them.
                -- Lenny Bruce