Bug 224336 - /etc/pkg/FreeBSD.conf should use HTTPS by default
Summary: /etc/pkg/FreeBSD.conf should use HTTPS by default
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-bugs mailing list
Reported: 2017-12-14 11:56 UTC by Wolfram Schneider
Modified: 2017-12-18 09:51 UTC
CC List: 5 users

Attachments
patch (385 bytes, patch)
2017-12-14 11:57 UTC, Wolfram Schneider

Description Wolfram Schneider freebsd_committer 2017-12-14 11:56:02 UTC
/etc/pkg/FreeBSD.conf holds the config for the pkg server:

url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest"

We should switch to the more secure HTTPS protocol by default:

url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest"
Comment 1 Wolfram Schneider freebsd_committer 2017-12-14 11:57:05 UTC
Created attachment 188821
patch
Comment 2 Baptiste Daroussin freebsd_committer 2017-12-14 12:13:26 UTC
This will mean everything will fail to bootstrap because there is no root ca.
The root ca is installed by pkg, chicken egg problem.

How would it be more secure here, given everything is signed, aka all you get would be verified?
Comment 3 Conrad Meyer freebsd_committer 2017-12-14 18:37:08 UTC
Packages are individually signed.  I don't think it matters, as long as the indices and stuff pkg(1) trusts are also signed.  The only real protection is that ISPs could not tell what packages were being fetched; except, this isn't even true, as they can correlate transfer sizes.
Comment 4 Conrad Meyer freebsd_committer 2017-12-14 18:37:33 UTC
(In reply to Conrad Meyer from comment #3)
> I don't think it matters
it=https
Comment 5 Wolfram Schneider freebsd_committer 2017-12-16 09:52:08 UTC
(In reply to Baptiste Daroussin from comment #2)

Good point about the "chicken egg problem". This needs to be resolved at some time. Not short term, but mid term. I want a system which is secure from the beginning, right after installation.
Comment 6 Baptiste Daroussin freebsd_committer 2017-12-18 09:51:25 UTC
Again, from what has been said above, can you state what is insecure in the process, given the signatures?
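The thread separates two properties of a pkg(8) repository config: the transport chosen by the url: line in the description, and the signature verification the later comments rely on. The following audit helper is an added example, not part of the bug report or of pkg itself; it checks both properties of a FreeBSD.conf-style file independently. It assumes the signature_type and fingerprints keys of the standard FreeBSD.conf layout (only the url: line is shown on this page), and the sample configs it writes are constructed for the example.

```shell
# Print the value of the first "key: value" line in a repo conf file,
# with surrounding quotes and any trailing comma removed.
pkgconf_value() {
    key=$1; file=$2
    sed -n "s/^[[:space:]]*$key:[[:space:]]*//p" "$file" | head -n 1 |
        sed 's/,$//; s/^"//; s/"$//'
}

# Print the transport scheme selected by url: (https, http or unknown).
pkgconf_scheme() {
    case "$(pkgconf_value url "$1")" in
        pkg+https://*|https://*) echo https ;;
        pkg+http://*|http://*)   echo http ;;
        *)                       echo unknown ;;
    esac
}

# Print the signature type, or "none" when no verification is configured.
pkgconf_sigtype() {
    v=$(pkgconf_value signature_type "$1")
    [ -n "$v" ] && echo "$v" || echo none
}

# Write a constructed sample config to a temp file and print its path.
# signature_type/fingerprints keys are assumed from the standard layout.
make_sample_conf() {
    scheme=$1; sig=${2:-fingerprints}
    f=$(mktemp) || return 1
    cat >"$f" <<EOF
FreeBSD: {
  url: "pkg+${scheme}://pkg.FreeBSD.org/\${ABI}/latest",
  signature_type: "$sig",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
EOF
    echo "$f"
}

# Verdict: 0 = signed over https, 1 = signed but cleartext transport,
# 2 = no signature verification configured (the serious case).
pkgconf_audit() {
    scheme=$(pkgconf_scheme "$1"); sig=$(pkgconf_sigtype "$1")
    printf '%s: transport=%s signature_type=%s\n' "$1" "$scheme" "$sig"
    [ "$sig" != none ] || return 2
    [ "$scheme" = https ] || return 1
}
```

Run it against a real file with `pkgconf_audit /etc/pkg/FreeBSD.conf`; the exit status distinguishes an unsigned repo (2) from a signed one fetched over cleartext (1).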