Re: Some secure way of updating sources?

2010-05-19 Thread Martin Schröder
2010/5/18 Eric S. Pulley pul...@dabus.com: Is there some way to authenticate and verify source updating traffic? So you are seriously suggesting the OpenBSD folks set up a public-key cryptography system (SSL) to confirm their current public-key cryptography system (SSH)? I guess then we

Re: Some secure way of updating sources?

2010-05-19 Thread QIU Quan
On Wed, May 19, 2010 at 15:52, Martin SchrC6der mar...@oneiros.de wrote: Qiu: AFAIK no. Well, I see. Thank you! And thanks for all that answered. Have a nice day! :-) -- h#d=: (QIU Quan) jac...@gmail.com

Re: Some secure way of updating sources?

2010-05-19 Thread Matthew Szudzik
On Tue, May 18, 2010 at 03:07:59PM -0600, Eric S. Pulley wrote: So you are seriously suggesting the OpenBSD folks set up a public-key cryptography system (SSL) to confirm their current public-key cryptography system (SSH)? I guess then we would need a third system to confirm the first two,

Re: Some secure way of updating sources?

2010-05-19 Thread J.C. Roberts
On Wed, 19 May 2010 16:18:53 +0800 QIU Quan jac...@gmail.com wrote: On Wed, May 19, 2010 at 15:52, Martin SchrC6der mar...@oneiros.de wrote: Qiu: AFAIK no. Well, I see. Thank you! And thanks for all that answered. Have a nice day! :-) First of all you need to realize SSL is not as cool

Some secure way of updating sources?

2010-05-18 Thread QIU Quan
Having read the FAQ, I learned there are 3 ways to sync sources. Among them, only AnonCVS can be transmitted in a secure channel when using SSH transport. The other two, namely CVSup and CVSync, are transferred in clear text with no server identity authentication. However, even the AnonCVS host

Re: Some secure way of updating sources?

2010-05-18 Thread Eric S. Pulley
Having read the FAQ, I learned there are 3 ways to sync sources. Among them, only AnonCVS can be transmitted in a secure channel when using SSH transport. The other two, namely CVSup and CVSync, are transferred in clear text with no server identity authentication. However, even the AnonCVS host

Re: Some secure way of updating sources?

2010-05-18 Thread Bryan
On Tue, May 18, 2010 at 16:07, Eric S. Pulley pul...@dabus.com wrote: Having read the FAQ, I learned there are 3 ways to sync sources. Among them, only AnonCVS can be transmitted in a secure channel when using SSH transport. The other two, namely CVSup and CVSync, are transferred in clear text

Re: Some secure way of updating sources?

2010-05-18 Thread QIU Quan
On Wed, May 19, 2010 at 05:16, Bryan bra...@gmail.com wrote: Maybe he's in China and wants to encrypt his traffic to keep the man off his back??? *checks OP e-mail address* nope, he has access to gmail.com... B not in China... Yes. I'm in China. Accessing Gmail through HTTPS web interface.

Re: Some secure way of updating sources?

2010-05-18 Thread QIU Quan
Sorry. Forgot to CC the list. -- Forwarded message -- From: QIU Quan jac...@gmail.com Date: Wed, May 19, 2010 at 09:05 Subject: Re: Some secure way of updating sources? To: Eric S. Pulley pul...@dabus.com On Wed, May 19, 2010 at 05:07, Eric S. Pulley pul...@dabus.com wrote: So

Re: Some secure way of updating sources?

2010-05-18 Thread Nick Bender
On Tue, May 18, 2010 at 7:14 PM, QIU Quan jac...@gmail.com wrote: SSL has some authorities which other current PKI systems, e.g. SSH, PGP, lacks. Usually, the trusted authorities are delivered along with OS distributions. Although a vendor should take the responsibility to validate the

Re: Some secure way of updating sources?

2010-05-18 Thread QIU Quan
On Wed, May 19, 2010 at 10:29, Nick Bender nben...@gmail.com wrote: http://arstechnica.com/security/news/2010/03/govts-certificate-authorities-co nspire-to-spy-on-ssl-users.ars How could a citizen evade targeted surveillance by government agencies? Anyone see it even possible? That should not be