Matthew Finkel
2017-Dec-08 08:25 UTC
http subversion URLs should be discontinued in favor of https URLs
On Thu, Dec 07, 2017 at 10:26:06PM +0000, Poul-Henning Kamp wrote:> -------- > In message <2a6d123c-8ee5-8e1e-d99b-4bce02345308 at rawbw.com>, Yuri writes: > > >The unfortunate FreeBSD user who updated his source tree through > >Tor [...] > > Why would anybody do that in the first place ?Why doesn't everyone have that option? Why is broadcasting a users information across the internet forced upon them? Shouldn't they have a choice? I don't disagree the CA mafia model is a broken mess, but there is some work being done for this - so maybe the situation will be better in 5-10 years. But even with those improvements, I'd rather have updates served over a self-authenticating onion service than over a direct http connection. I see five options: direct-http-connection, direct-https-connection, http-over-tor, https-over-tor, and http-over-onion. There is only one of these that does not require trusting the intermediate hops of the connection (or external third parties) and it guarantees the bits that went in at one end of the connection are the bits that come out the other end while not leaking sensitive information (metadata) along the path. As a concrete example, I encourage everyone read why Debian chose exactly this solution[0][1]. It would be nice if all updates are available over onion, not only subversion, but subversion is a good starting point. Onion services accomplish the same basic goal as TLS (authentication, integrity, confidentiality) and they protect against targetting and profiling users. As a user, I care about all these problems. Also, to Yuri's original point, you can ship a self-signed FreeBSD CA cert. Subversion supports using it, so beside getting the private keys on the mirrors there is little against doing it[2]. [0] https://blog.torproject.org/tor-heart-apt-transport-tor-and-debian-onions [1] https://bits.debian.org/2016/08/debian-and-tor-services-available-as-onion-services.html [2] http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd.ssl
Jamie Landeg-Jones
2017-Dec-11 21:29 UTC
http subversion URLs should be discontinued in favor of https URLs
Matthew Finkel <matthew.finkel at gmail.com> wrote:> Why doesn't everyone have that option? Why is broadcasting a users information > across the internet forced upon them? Shouldn't they have a choice?They do! HTTPS already exists! This thread is about removing HTTP and forcing HTTPS - "Why should HTTPS be forced upon them? Shouldn't they have a choice?" :-) | 21:16 (4) "/tmp" root at lapcat# svn export https://svn.freebsd.org/base/stable/11/usr.bin/fortune | A fortune | A fortune/datfiles | | [ ... ] | | A fortune/tools/Troff.sed | Exported revision 326782. Voila! A https delivery of "fortune" ! (Confirmed via tcpdump not to be using fallback HTTP) cheers!