Re: Some secure way of updating sources?

[Eric S. Pulley]

> Having read the FAQ, I learned there are 3 ways to sync sources. Among
them, only AnonCVS can be transmitted in a secure channel when using SSH
transport. The other two, namely CVSup and CVSync, are transferred in
clear text with no server identity authentication. However, even the
AnonCVS host key fingerprints are published over HTTP channel, which
provides no server authentication as well.
>
> Communication without proper authentication is vulnerable to DNS
poisoning and man-in-the-middle attacks, alhough it is unlikely to happen
in the wild.
>
> In practice, an updating user is not confident to say he or she is
always updating genuine OpenBSD sources. And OpenBSD mirrors sync with the
same unsureness.
>
> Is there some way to authenticate and verify source updating traffic?
>
> It seems publishing the SSH host keys on the HTTPS pages stabilizes the
AnonCVS trusting graph. What about CVSup and CVSync?
>

So you are seriously suggesting the OpenBSD folks set up a public-key
cryptography system (SSL) to confirm their current public-key cryptography
system (SSH)? I guess then we would need a third system to confirm the
first two, right? This must be troll food.