Thinking of the network as attacker-controlled is fine, but without the CA certificate database in ports, TLS provides neither data integrity nor confidentiality.[0]
Even with certificate validation, it's unlikely that TLS provides meaningful confidentiality for svn.freebsd.org — IP still exposes the server's address:

$ host 8.8.178.107
107.178.8.8.in-addr.arpa domain name pointer svnmir.ysv.freebsd.org

Even a naive network attacker can determine that you are interacting with a FreeBSD source mirror, and can determine the direction of the flow of information based on a simple count of upload / download bytes.

Best,
Conrad

P.S., we should probably ship a CA database in base. Maybe with an override version in ports to match our release model. But, base should be able to authenticate certificates out of the box.

[0]: https://github.com/moxie0/sslsniff

On Tue, Mar 27, 2018 at 8:01 AM, Benjamin Kaduk <bjkf...@gmail.com> wrote:
> On Tue, Mar 27, 2018 at 9:57 AM, Rodney W. Grimes
> <free...@pdx.rh.cn85.dnsmgr.net> wrote:
>>
>> > Author: trasz
>> > Date: Tue Mar 27 14:51:19 2018
>> > New Revision: 331618
>> > URL: https://svnweb.freebsd.org/changeset/base/331618
>> >
>> > Log:
>> > Use https:// instead of http://.
>> >
>> > MFC after: 2 weeks
>> >
>> > Modified:
>> > head/share/man/man7/development.7
>> >
>> > Modified: head/share/man/man7/development.7
>> >
>> > ==============================================================================
>> > --- head/share/man/man7/development.7 Tue Mar 27 14:50:12 2018
>> > (r331617)
>> > +++ head/share/man/man7/development.7 Tue Mar 27 14:51:19 2018
>> > (r331618)
>> > @@ -57,7 +57,7 @@ can be found at:
>> > FreeBSD src development takes place in the CURRENT branch in
>> > Subversion,
>> > located at:
>> > .Pp
>> > -.Lk http://svn.FreeBSD.org/base/head
>> > +.Lk https://svn.FreeBSD.org/base/head
>> > .Pp
>> > There is also a read-only GitHub mirror at:
>> > .Pp
>>
>> Why do we want to run the load of TLS for what are public bits?
>> And fyi a default install of FreeBSD can not use https, you have
>> to install certs from ports before any of these https links
>> can even work, and that can be a royal pita in some situations.
>
>
> Many of us are used to thinking of the network as controlled by an attacker.
> Running http-not-s to fetch the sources lets "the attacker" supply an
> arbitrary
> collection of bits under the name FreeBSD without a good way for the user to
> check that the bits on their disk match what the FreeBSD Project expects
> them to be.
> TLS provides data integrity as well as confidentiality...
>
> -Ben
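
Review bot: the added `.Lk https://svn.FreeBSD.org/base/head` line hands readers an https URL without saying what is needed to verify it. As the replies in this thread note, a default install has no CA certificates until they are installed from ports, so the scheme change alone does not give the reader an authenticated checkout. Consider adding a sentence after this `.Lk` line stating that validating the server certificate requires a CA certificate bundle to be installed first. The log message would also be clearer if it gave the reason for the switch (integrity of the fetched sources) rather than only the substitution.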