Poul-Henning Kamp
2017-Dec-10 23:14 UTC
http subversion URLs should be discontinued in favor of https URLs
-------- In message <20171210225326.GK5901 at funkthat.com>, John-Mark Gurney writes:>IMO, all security needs to be node-to-node.There's nothing "IMO" about that. The end-to-end principle became a bed-rock foundation of all rational networking with "End to End Arguments in System Design" in 1981. http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf The only realistic way for the FreeBSD project to implement end-to-end trust, is HTTPS with a self-signed cert, distributed and verified using the projects PGP-trust-mesh and strong social network. Anything else is just pretend-security today. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Dag-Erling Smørgrav
2017-Dec-12 12:06 UTC
http subversion URLs should be discontinued in favor of https URLs
"Poul-Henning Kamp" <phk at phk.freebsd.dk> writes:> The only realistic way for the FreeBSD project to implement end-to-end > trust, is HTTPS with a self-signed cert, distributed and verified > using the projects PGP-trust-mesh and strong social network.Your suggestion does not remove implicit and possibly misplaced trust, it just moves it from one place to another. Instead of trusting a certificate authority and DNS, you trust the source of the public key, and probably also DNS. As always, it boils down to a) key distribution is hard and b) what's your threat model? DES -- Dag-Erling Sm?rgrav - des at des.no