http subversion URLs should be discontinued in favor of https URLs
Poul-Henning Kamp
phk at phk.freebsd.dk
Tue Dec 12 12:59:57 UTC 2017
--------
In message <86d13kgnfh.fsf at desk.des.no>, =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= w
rites:
>"Poul-Henning Kamp" <phk at phk.freebsd.dk> writes:
>> The only realistic way for the FreeBSD project to implement end-to-end
>> trust, is HTTPS with a self-signed cert, distributed and verified
>> using the projects PGP-trust-mesh and strong social network.
>
>Your suggestion does not remove implicit and possibly misplaced trust,
>it just moves it from one place to another. Instead of trusting a
>certificate authority and DNS, you trust the source of the public key,
>and probably also DNS. As always, it boils down to a) key distribution
>is hard and b) what's your threat model?
I don't think I agree with any of that ?
With respect to authenticity of the FreeBSD SVN repo I cannot
imagine anybody else being even one percent as qualified and
trustworth as the FreeBSD projects own core-team.
In particular I would never trust any "In the CA-racket for the
money" organization to do so.
If you are worried that the FreeBSD project "staff" cannot
handle a root-cert competently, then the exposure is no
smaller or larger than if it was a CA-signed cert they fumbled.
Trusting DNS doesn't apply it if the project root-cert was
stored on my local machine after I used my best judgement of PGP
signatures to conclude that it was authentic.
And I don't really see distribution of this particular key being
difficult at all: We already PGP sign release checksums for
authenticity and it the FreeBSD root-cert is just another file to
get same treatment.
Poul-Henning
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list