Poul-Henning Kamp
2017-Dec-07 22:26 UTC
http subversion URLs should be discontinued in favor of https URLs
-------- In message <2a6d123c-8ee5-8e1e-d99b-4bce02345308 at rawbw.com>, Yuri writes:>The unfortunate FreeBSD user who updated his source tree through >Tor [...]Why would anybody do that in the first place ? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Jason Hellenthal
2017-Dec-07 23:16 UTC
http subversion URLs should be discontinued in favor of https URLs
The truly paranoid types that don?t want anyone to know they are using FreeBSD apparently. Honestly if they are that worried about http then get a private vpn tunnel and run through that instead !> On Dec 7, 2017, at 16:27, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote: > > -------- > In message <2a6d123c-8ee5-8e1e-d99b-4bce02345308 at rawbw.com>, Yuri writes: > >> The unfortunate FreeBSD user who updated his source tree through >> Tor [...] > > Why would anybody do that in the first place ? > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk at FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. > _______________________________________________ > freebsd-security at freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org" >
Matthew Finkel
2017-Dec-08 08:25 UTC
http subversion URLs should be discontinued in favor of https URLs
On Thu, Dec 07, 2017 at 10:26:06PM +0000, Poul-Henning Kamp wrote:> -------- > In message <2a6d123c-8ee5-8e1e-d99b-4bce02345308 at rawbw.com>, Yuri writes: > > >The unfortunate FreeBSD user who updated his source tree through > >Tor [...] > > Why would anybody do that in the first place ?Why doesn't everyone have that option? Why is broadcasting a users information across the internet forced upon them? Shouldn't they have a choice? I don't disagree the CA mafia model is a broken mess, but there is some work being done for this - so maybe the situation will be better in 5-10 years. But even with those improvements, I'd rather have updates served over a self-authenticating onion service than over a direct http connection. I see five options: direct-http-connection, direct-https-connection, http-over-tor, https-over-tor, and http-over-onion. There is only one of these that does not require trusting the intermediate hops of the connection (or external third parties) and it guarantees the bits that went in at one end of the connection are the bits that come out the other end while not leaking sensitive information (metadata) along the path. As a concrete example, I encourage everyone read why Debian chose exactly this solution[0][1]. It would be nice if all updates are available over onion, not only subversion, but subversion is a good starting point. Onion services accomplish the same basic goal as TLS (authentication, integrity, confidentiality) and they protect against targetting and profiling users. As a user, I care about all these problems. Also, to Yuri's original point, you can ship a self-signed FreeBSD CA cert. Subversion supports using it, so beside getting the private keys on the mirrors there is little against doing it[2]. [0] https://blog.torproject.org/tor-heart-apt-transport-tor-and-debian-onions [1] https://bits.debian.org/2016/08/debian-and-tor-services-available-as-onion-services.html [2] http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd.ssl