Subject: Re: pkg-vulnerabilities
To: None <pkgsrc-users@NetBSD.org>
From: Christian Biere <christianbiere@gmx.de>
List: pkgsrc-users
Date: 10/04/2006 11:07:39

Geert Hendrickx wrote:
> > A digital signature would be a good idea -- verify it at download time.
> > Using TLS would put a lot more load on ftp.netbsd.org, and wouldn't help
> > at all if you were using a mirror.
> Agreed; the file should be signed/secured, not the connection.

The disadvantage of signing without authenticating the server is that
it allows a replay-attack. If someone manages to fiddle with the DNS
records, he can send you an old file. Even checking the IP address
might not help because the same people are likely able to spoof it.

The signed file could of course include a timestamp which would be
updated periodically to limit the duration over which missing updates
are not noticed.

What about pkg-vulnerabilities.sf.net? That would give you SVN over
HTTPS for free. ;)

--
Christian
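
The freshness check described in the message above, as an added example that is not part of the original post or of pkgsrc: an old file with a valid signature still verifies, so the client also checks a timestamp carried inside the signed body. Assumptions: HMAC-SHA256 with a demo key stands in for a real public-key signature, and the `#TIMESTAMP` header, `MAX_AGE` and `last_seen` are hypothetical; the rollback check against the last accepted file goes one step beyond what the message proposes.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 with a demo key stands in for a real public-key
# signature (for instance a detached PGP signature) so that the example
# runs with the standard library only.
DEMO_KEY = b"constructed-demo-key"
MAX_AGE = 7 * 24 * 3600  # hypothetical policy: publisher re-signs at least weekly


def sign(body):
    """Publisher side: produce the (stand-in) signature over the whole body."""
    return hmac.new(DEMO_KEY, body, hashlib.sha256).digest()


def signed_timestamp(body):
    """Return the epoch value of the hypothetical '#TIMESTAMP <epoch>' header."""
    for line in body.splitlines():
        if line.startswith(b"#TIMESTAMP "):
            return int(line.split()[1])
    raise ValueError("no timestamp in signed body")


def check(body, sig, now, last_seen=0):
    """Classify a download: 'ok', 'bad-signature', 'rollback' or 'stale'."""
    if not hmac.compare_digest(sign(body), sig):
        return "bad-signature"
    ts = signed_timestamp(body)  # trusted only because the signature covers it
    if ts < last_seen:
        return "rollback"        # older than a file this client already accepted
    if now - ts > MAX_AGE:
        return "stale"           # validly signed, but possibly a replayed old copy
    return "ok"


def make_file(ts, entries):
    """Build a constructed (body, signature) pair for the demonstration."""
    body = ("#TIMESTAMP %d\n%s" % (ts, entries)).encode()
    return body, sign(body)


# Constructed sample data, not real pkg-vulnerabilities content.
NOW = 1160000000
OLD = make_file(NOW - 30 * 24 * 3600, "examplepkg<1.2 constructed-entry\n")
NEW = make_file(NOW - 3600, "examplepkg<1.2 constructed-entry\nother<2.0 constructed-entry\n")

if __name__ == "__main__":
    print("current file :", check(*NEW, now=NOW))
    print("replayed file:", check(*OLD, now=NOW))
```

The timestamp only bounds the replay window to `MAX_AGE`; within that window an old copy is still accepted unless the client remembers `last_seen`.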