Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 10 Dec 2017 23:14:54 +0000
From:      "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To:        John-Mark Gurney <jmg@funkthat.com>
Cc:        Michelle Sullivan <michelle@sorbs.net>, Yuri <yuri@rawbw.com>, RW <rwmaillists@googlemail.com>, Igor Mozolevsky <mozolevsky@gmail.com>, freebsd security <freebsd-security@freebsd.org>
Subject:   Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID:  <99305.1512947694@critter.freebsd.dk>
In-Reply-To: <20171210225326.GK5901@funkthat.com>
References:  <20171205231845.5028d01d@gumby.homeunix.com> <CADWvR2gVn8H5h6LYB5ddwUHYwDtiLCuYndsXhJywi7Q9vNsYvw@mail.gmail.com> <20171210173222.GF5901@funkthat.com> <CADWvR2iGQOtcU=FnU-fNsso2eLCCQn=swnOLoqws%2B33V8VzX1Q@mail.gmail.com> <5c810101-9092-7665-d623-275c15d4612b@rawbw.com> <CADWvR2j_LLEPKnSynRRmP4LG3mypdkNitwg%2B7vSh=iuJ=JU09Q@mail.gmail.com> <fd888f6b-bf16-f029-06d3-9a9b754dc676@rawbw.com> <CADWvR2jnxVwXmTA9XpZhGYnCAhFVifqqx2MvYeSeHmYEybaNnA@mail.gmail.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com> <5A2DB80D.3020309@sorbs.net> <20171210225326.GK5901@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
--------
In message <20171210225326.GK5901@funkthat.com>, John-Mark Gurney writes:

>IMO, all security needs to be node-to-node. 

There's nothing "IMO" about that.

The end-to-end principle became a bed-rock foundation of all rational
networking with "End to End Arguments in System Design" in 1981.

    http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf

The only realistic way for the FreeBSD project to implement end-to-end
trust, is HTTPS with a self-signed cert, distributed and verified
using the projects PGP-trust-mesh and strong social network.

Anything else is just pretend-security today.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99305.1512947694>