Björn Persson wrote:
> Jacob Bachmeyer via Gnupg-users wrote:
>> Unlike HTTP, FTP is /not/ subject to simple Man-on-the-Side attacks (which motivated the rush to HTTPS) because there is no in-protocol redirect.

> So FTP isn't vulnerable to that particular attack,

... which is important because that particular attack (and a whistleblower reporting that it had been deployed on a large scale) was most of the motivation for the rush to HTTPS.

> and attackers have
> to resort to TCP hijacking or DNS poisoning or BGP hijacking or
> whatever.

All of which are far more detectable than the simple Man-on-the-Side attack. BGP hijacking and DNS poisoning in particular are likely to affect large numbers of users. That itself can be a deterrent. Remember that the threat model here is substituting a backdoored GPG. Such an attacker loses if the attack is merely /discovered/. Each user affected increases the risk of discovery.

> Without cryptography there is no security.

Yes, and the transport by which GPG is delivered is already untrusted, thus the signatures on the tarballs and the digests in the release announcements.

> Anyone who wants
> to argue in favor of FTP from a security point of view should at least
> argue for FTP over TLS.

I specifically addressed that TLS is of little or no benefit to the distribution of GPG. It does not even provide privacy as to what was downloaded, because passive traffic analysis reveals a connection to the GPG distribution server and that N bytes were received, which is likely enough information to determine /which/ tarball a client downloaded.

> [...]
>> I would encourage resuming FTP distribution, since I see no plausible security benefit to omitting it.

> For the download use case, I see no plausible benefit to providing FTP
> service in addition to HTTPS. A web server plus an FTP server will
> always be a larger attack surface than only the web server. I recommend
> leaving the FTP server off.

FTP is a longstanding and simple protocol; accordingly, FTP servers were all hardened long ago. The incremental risk is slight, compared to the complexity of a modern httpd. Especially if the FTP server can be further sandboxed using SELinux or similar, since it should need no write access whatsoever: logs can be sent through syslog if needed or simply not kept at all.

I stand by my previous recommendation.


-- Jacob
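The traffic-analysis point in the message above (an observer who sees only a TLS connection to the distribution server and a byte count can usually tell which tarball was fetched, and sometimes cannot), as an added example that is not part of the thread or of GnuPG. The artifact catalogue, its sizes and the TLS overhead model are constructed assumptions for illustration.

```python
from math import ceil

# Constructed catalogue of artifacts on the distribution server, in bytes.
# The sizes are invented for the example (chosen to give one unambiguous and
# one ambiguous case); real release sizes differ.
CATALOGUE = {
    "gnupg-2.4.5.tar.bz2": 7_900_000,
    "gnupg-2.2.43.tar.bz2": 7_300_000,
    "libgcrypt-1.10.3.tar.bz2": 3_900_000,
    "libgcrypt-1.10.3.tar.gz": 3_905_000,  # within a few KiB of the .bz2
    "gnupg-2.4.5.tar.bz2.sig": 238,
}

# Assumed transport model: TLS 1.3 records of at most 16 KiB, each carrying
# 5 header + 1 content-type + 16 tag bytes of overhead, plus a bounded amount
# of handshake and HTTP-header traffic that does not depend on the file.
RECORD_PAYLOAD = 16384
RECORD_OVERHEAD = 22
MAX_FIXED_OVERHEAD = 8192  # assumption: handshake + headers never exceed this


def wire_size_bounds(payload: int) -> tuple[int, int]:
    """Return the (low, high) byte count an observer would see for `payload`."""
    records = ceil(payload / RECORD_PAYLOAD) if payload else 0
    low = payload + records * RECORD_OVERHEAD
    return low, low + MAX_FIXED_OVERHEAD


def candidates(observed: int, catalogue: dict[str, int] = CATALOGUE) -> list[str]:
    """Names of artifacts whose expected wire size covers `observed`.

    An empty list means the byte count matches nothing served; several
    names mean the byte count alone cannot tell those artifacts apart."""
    hits = []
    for name, size in catalogue.items():
        low, high = wire_size_bounds(size)
        if low <= observed <= high:
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    for seen in (7_912_000, 3_911_000, 300, 5_000_000):
        print(seen, "->", candidates(seen) or "no match")
```

The ambiguous libgcrypt case shows the limit of the inference: two artifacts whose sizes differ by less than the fixed overhead cannot be distinguished by size alone, which is why the message says "likely" rather than "always".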


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
