[Gnu-arch-users] Re: WebDAV

[Eric S. Johansson]

Colin Walters wrote:

> I didn't find it particularly difficult to secure my arch repository. 
> That said, there is certainly some value in solutions which don't
> require complete control over the host.  But you should remember that
> sftp, being based on ssh, solves some real problems, and is an extremely
> well-audited codebase.

ya well, so is Apache but that did not stop me from being bit by a proxy 
configuration problem even when I follow the recipes in the manual and 
ran the penetration test against it.  like I said, it doesn't failsafe 
and if the system doesn't failsafe, it's not security you can count on.

> For example, you should think carefully about how you're going to
> protect against man-in-the-middle attacks and replay attacks.

life is too short to reinvent the wheel.  I was planning on leveraging 
existing tools/knowledge.

> I solved these problems in arch-pqm by using GPG. 
> http://web.verbum.org/arch-pqm/
>
>
> > more complexity == less security.
>
>
> That's so amazingly naïve I don't quite know how to respond.  I'll just
> assume you were kidding.

no, not kidding.  one of my principles for development:

"""
There are two ways of constructing a software design; one way is to make 
it so simple that there are obviously no deficiencies, and the other way 
is to make it so complicated that there are no obvious deficiencies. The 
first method is far more difficult. - C. A. R. Hoare
"""

Complex system, complex configuration, lower certainty of correctness. 
Which leaves brings us back to my axiom[1], as you increase complexity, 
you effectively have less security.  It's all a property of human 
cognition. Keep it simple for correctness.

---eric


[1] which I admit I reduced a bit too much to a cutesy phrase