svn commit: r331618 - head/share/man/man7
Conrad Meyer
cem at freebsd.org
Tue Mar 27 15:30:11 UTC 2018
Thinking of the network as attacker-controlled is fine, but without
the CA certificate database in ports, TLS provides neither data
integrity nor confidentiality.[0]
Even with certificate validation, it's unlikely that TLS provides
meaningful confidentiality for svn.freebsd.org — IP still exposes the
server's address:
$ host 8.8.178.107
107.178.8.8.in-addr.arpa domain name pointer svnmir.ysv.freebsd.org
Even a naive network attacker can determine that you are interacting
with a FreeBSD source mirror, and can determine the direction of the
flow of information based on a simple count of upload / download bytes.
Best,
Conrad
P.S., we should probably ship a CA database in base. Maybe with an
override version in ports to match our release model. But, base
should be able to authenticate certificates out of the box.
[0]: https://github.com/moxie0/sslsniff
On Tue, Mar 27, 2018 at 8:01 AM, Benjamin Kaduk <bjkfbsd at gmail.com> wrote:
> On Tue, Mar 27, 2018 at 9:57 AM, Rodney W. Grimes
> <freebsd at pdx.rh.cn85.dnsmgr.net> wrote:
>>
>> > Author: trasz
>> > Date: Tue Mar 27 14:51:19 2018
>> > New Revision: 331618
>> > URL: https://svnweb.freebsd.org/changeset/base/331618
>> >
>> > Log:
>> > Use https:// instead of http://.
>> >
>> > MFC after: 2 weeks
>> >
>> > Modified:
>> > head/share/man/man7/development.7
>> >
>> > Modified: head/share/man/man7/development.7
>> >
>> > ==============================================================================
>> > --- head/share/man/man7/development.7 Tue Mar 27 14:50:12 2018
>> > (r331617)
>> > +++ head/share/man/man7/development.7 Tue Mar 27 14:51:19 2018
>> > (r331618)
>> > @@ -57,7 +57,7 @@ can be found at:
>> > FreeBSD src development takes place in the CURRENT branch in
>> > Subversion,
>> > located at:
>> > .Pp
>> > -.Lk http://svn.FreeBSD.org/base/head
>> > +.Lk https://svn.FreeBSD.org/base/head
>> > .Pp
>> > There is also a read-only GitHub mirror at:
>> > .Pp
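Review bot: The new ".Lk https://svn.FreeBSD.org/base/head" line is missing documentation on what the reader needs for the certificate to validate. The replies in this thread state that a default install has no CA certificates until they are installed from ports, so a reader following the page verbatim gets either a failed connection or a prompt to accept an unverified certificate. Suggest adding a sentence next to this ".Lk" saying that a CA certificate bundle must be installed for the https URL to be authenticated. The GitHub mirror link introduced by the trailing context is outside the visible lines; it is worth confirming that it already uses https so the page is consistent.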
>>
>> Why do we want to run the load of TLS for what are public bits?
>> And fyi a default install of FreeBSD can not use https, you have
>> to install certs from ports before any of these https links
>> can even work, and that can be a royal pita in some situations.
>
>
> Many of us are used to thinking of the network as controlled by an attacker.
> Running http-not-s to fetch the sources lets "the attacker" supply an
> arbitrary
> collection of bits under the name FreeBSD without a good way for the user to
> check that the bits on their disk match what the FreeBSD Project expects
> them to be.
> TLS provides data integrity as well as confidentiality...
>
> -Ben