From owner-freebsd-security@freebsd.org Sun Dec 10 19:18:18 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4D570E97420 for ; Sun, 10 Dec 2017 19:18:18 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: from mail-wr0-x229.google.com (mail-wr0-x229.google.com [IPv6:2a00:1450:400c:c0c::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D082B7D6A5 for ; Sun, 10 Dec 2017 19:18:17 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: by mail-wr0-x229.google.com with SMTP id k61so15441670wrc.4 for ; Sun, 10 Dec 2017 11:18:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=T8ERRvujQe80EXdxTwSwRGSHJC5edn3vBARh4cpIhGo=; b=PKAyVkYP2he5MwM+5NRMALvRG3Uiq14Hgn0f5D8I9xypktUxmupsLiFN6EksD5fe+6 3/zZJs0JNx8lggARbiqTK05eiLAToH395h5VTqnk9H1Y6msnSOsuZz59pQM6tAnOK66D eta9cfEytp0dRylu/o+6iGrLLg0OqiSajoyMaOsXVpv5t9icKa2u9pE/K/+0h5IsQREG HwTUUxzp6h05hWmYtSIUosaN3avEdiMcq6SlPSZa7lMpZ+paxzuu1oqxS5UWcLrSdneo I1w+hjrqv/3LmVWK9LmDaBg3BZQkpAa5RC8a4bgxZu4lbYBfW1Tkplfyvy6MMpQD3GEI BOdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=T8ERRvujQe80EXdxTwSwRGSHJC5edn3vBARh4cpIhGo=; b=pMkdidiENkNIf420wAkJEZceUdl2zi0+Bavz4ySOIIXsKEA0eOTOQNZSmqWNi865Az /XmmAN0/sXj0I9QY3z3yjh59gCXfqrc3kenv8+rgz/Cq8dT/NXxhEyIZmUwjHrByVgIv wEU0KAl9YzPlRdnt0DYq6LKAe7psDEEE/9G4eIxayDAaPbilkveUwBjUS94LnQTbJ5fD PW1qG/UNCq5UFRTSdPPPy39/6loOGxOSJj38eits4dmQEbhdwWHcFGxjz/gtuGiW7nMs Y19L2ERZ/23CduOz04JGbdxklpuh+CPtKsPcSlVrydhGeGa7a1K6LXhn5Tz46kuoTiTI bFHg== X-Gm-Message-State: AJaThX6hwKDMUep1FVxblF8wbtqZuMGNjYkquxA47Hko2ayVHQguHab4 hmqlNZKHGI7iHTopCeD9B2PS7lUw4rmkOHE/40U= X-Google-Smtp-Source: AGs4zMbHbSpnDpTDUa7TtF7CwEU99Aq94hL+swkIiLN2d1O8Q245XGz++w/m2lA/ej4HHGVSl2Shw/IbCXphVrJsdm0= X-Received: by 10.223.130.177 with SMTP id 46mr35591717wrc.176.1512933495942; Sun, 10 Dec 2017 11:18:15 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.90.193 with HTTP; Sun, 10 Dec 2017 11:17:35 -0800 (PST) In-Reply-To: <20171210190257.GH5901@funkthat.com> References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <20171205231845.5028d01d@gumby.homeunix.com> <20171210173222.GF5901@funkthat.com> <20171210190257.GH5901@funkthat.com> From: Igor Mozolevsky Date: Sun, 10 Dec 2017 19:17:35 +0000 Message-ID: Subject: Re: http subversion URLs should be discontinued in favor of https URLs To: Igor Mozolevsky , RW , freebsd security Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Dec 2017 19:18:18 -0000 On 10 December 2017 at 19:02, John-Mark Gurney wrote: > Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 17:39 +0000: > > On 10 December 2017 at 17:32, John-Mark Gurney wrote: > > > > > > > > > The discussion has been for svn updates over http, not for > freebsd-update > > > updates which are independantly signed and verified.. There is > currently > > > no signatures provided via SVN to validate any source received via > http. > > > > There has been no instance of in-transit compromise reported since SVN > was > > introduced. > > So, you require an exploit in the wild before you'll patch? No, I'm saying it's not a realistic threat model! If the threat is the integrity of the source code in transit, then it'd be way cheaper and way more reasonable to implement a Merkle Tree-like verification with each revision. -- Igor M.