Foiling MITM attacks on source and ports trees

[cpghost]

On Fri, Jan 02, 2009 at 08:04:10PM +0100, Wojciech Puchar wrote:
> > It's a beginning for sure. I assume (403 error) Max generates and
> > saves digests on his snapshots and the verification script does the
> > same locally and simply compares both lists.
>
> it's plain paranoia. Yes such attacks are possible but usually there 100 
> other ways to compromise Your systems.
> 
> if one really care then make your VPN for all your computers, use one that 
> is unknown for others to download portsnap etc. and then use rsync to 
> populate it to other machines.

I'm already getting the files from one location and disseminate
them via rsync-over-SSH-over-VPNs to the server farms. But the
problem is the initial download from a cvsup mirror. That's the
one I'm really concerned with.

Note that I'm not concerned (all too much) with the integrity of the
cvsup mirrors themselves (I trust cvsup server admins to take proper
precautions against MITM between themselves and the master server,
right guys?), but with the integrity of the TCP connection of random
clients to those mirrors. That's the weakest link in the security
chain, and I hope we can find a way to strenghten it.

Thanks,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/