From mboxrd@z Thu Jan 1 00:00:00 1970
From: "sMoTo"
To:
Subject: Verify the integrity of downloaded archives
Date: Wed, 5 Nov 2003 21:26:59 +0100
Message-ID: <000001c3a3db$2dad18f0$02000a0a@lady>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C3A3E3.8F7180F0"
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

Hello,

how can I verify the integrity of the archives offered on the project page? Is there any possibility? How can I be sure not to work with corrupted data?

Best regards.

### Oliver Fritz
### Singerstrasse 80
### 10243 Berlin


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

From mboxrd@z Thu Jan 1 00:00:00 1970
Content-Type: text/plain; charset="iso-8859-1"
From: Bill Laut
To:
Subject: Re: Verify the integrity of downloaded archives
Date: Thu, 6 Nov 2003 01:11:16 -0500
References: <000001c3a3db$2dad18f0$02000a0a@lady>
In-Reply-To: <000001c3a3db$2dad18f0$02000a0a@lady>
MIME-Version: 1.0
Message-Id: <200311060111.16197.wlsel@verizon.net>
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

While I'd love to meet a hacker who could successfully break into the NSA's website to install a Trojan (;-), Oliver does bring up a good point. As SELinux gains a wider audience it would be reasonable to anticipate the distro eventually getting mirrored at other sites. Since the use of digital signatures as an integrity-check is now commonplace within the Linux community, would it be reasonable to start posting signatures on the NSA website?

Bill

On Wednesday 05 November 2003 03:26 pm, sMoTo wrote:
> Hello,
>
> how can I verify the integrity of the archives offered on the project
> page? Is there any possibility? How can I be sure not to work with
> corrupted data?
>
> Best regards.
>
> ### Oliver Fritz
> ### Singerstrasse 80
> ### 10243 Berlin
From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: Verify the integrity of downloaded archives
From: Stephen Smalley
To: Bill Laut
Cc: SELinux@tycho.nsa.gov
In-Reply-To: <200311060111.16197.wlsel@verizon.net>
References: <000001c3a3db$2dad18f0$02000a0a@lady> <200311060111.16197.wlsel@verizon.net>
Content-Type: text/plain
Message-Id: <1068128683.4355.37.camel@moss-spartans.epoch.ncsc.mil>
Mime-Version: 1.0
Date: 06 Nov 2003 09:24:43 -0500
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

On Thu, 2003-11-06 at 01:11, Bill Laut wrote:
> While I'd love to meet a hacker who could successfully break into the NSA's
> website to install a Trojan (;-), Oliver does bring up a good point. As
> SELinux gains a wider audience it would be reasonable to anticipate the
> distro eventually getting mirrored at other sites. Since the use of digital
> signatures as an integrity-check is now commonplace within the Linux
> community, would it be reasonable to start posting signatures on the NSA
> website?

Possibly. Since we originally released SELinux as a proof of concept / reference implementation and it has never been intended to be a Linux distribution unto itself (although it can be incorporated into one), this hasn't been a major concern in the past. However, I understand the concern. On the other hand, on what basis would you trust the key used to sign the archives and patches?

--
Stephen Smalley
National Security Agency
From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzswing.ncsc.mil (jazzswing.ncsc.mil [144.51.68.65]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id hA6MQuSf020676 for ; Thu, 6 Nov 2003 17:26:56 -0500 (EST) Received: from jazzswing.ncsc.mil (localhost [127.0.0.1]) by jazzswing.ncsc.mil with ESMTP id hA6MQW1W010652 for ; Thu, 6 Nov 2003 22:26:32 GMT Received: from moss-huskies.epoch.ncsc.mil (moss-huskies.epoch.ncsc.mil [144.51.25.7]) by jazzswing.ncsc.mil with ESMTP id hA6MQW5e010649 for ; Thu, 6 Nov 2003 22:26:32 GMT Received: from moss-huskies.epoch.ncsc.mil (localhost.localdomain [127.0.0.1]) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8) with ESMTP id hA6MQsh9032645 for ; Thu, 6 Nov 2003 17:26:54 -0500 Received: (from hdholm@localhost) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8/Submit) id hA6MQsfk032643 for selinux@tycho.nsa.gov; Thu, 6 Nov 2003 17:26:54 -0500 Date: Thu, 6 Nov 2003 17:15:11 -0500 (EST) From: Dean Anderson To: Stephen Smalley cc: Bill Laut , Subject: Re: Verify the integrity of downloaded archives In-Reply-To: <1068128683.4355.37.camel@moss-spartans.epoch.ncsc.mil> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Well, you don't have to break into the NSA to alter the NSA downloads. All you need is an ISP in the middle. More to the point, when the distro is mirrored, the mirror and the download path is vulnerable. Key trust is a matter of time. I see the Stephen's point of view, but I think the NSA must think that information usually depreciates. In the case of a public key, it appreciates. A key that was obtained good last month, appeared valid last month, and hasn't been reported compromised in the meantime is probably more trustworthy than a certificate just obtained at the same time as the download which it will be used to check. So that is how I base trust in the key used to sign the distributions. 
The value cycle of a key is like that of a boat: It appreciates for a time, and then expires, and the value collapses. The NSA does not need to obtain a certificate from Verisign** or some other CA in order to have trusted public keys. It just needs to be able to distribute them widely, so that they can appreciate in value.

** No doubt it would be totally upside down to the NSA to have Verisign or some other company vouch for the NSA. How ridiculous. That is like having a private certify the orders of a general. Although, as I write this, I wonder what certs the NSA uses on its secure web sites... I would think that the NSA would have its own Certificate Authority, as its mission is to provide communications security for government organizations, some of which must have their own secure web pages. If it has a CA, and the CA certificate is commercially distributed, then getting a cert to sign the distro should be a matter of internal paperwork, no?

--Dean

On 6 Nov 2003, Stephen Smalley wrote:
> On Thu, 2003-11-06 at 01:11, Bill Laut wrote:
> > While I'd love to meet a hacker who could successfully break into the NSA's
> > website to install a Trojan (;-), Oliver does bring up a good point. As
> > SELinux gains a wider audience it would be reasonable to anticipate the
> > distro eventually getting mirrored at other sites. Since the use of digital
> > signatures as an integrity-check is now commonplace within the Linux
> > community, would it be reasonable to start posting signatures on the NSA
> > website?
>
> Possibly. Since we originally released SELinux as a proof of concept /
> reference implementation and it has never been intended to be a Linux
> distribution unto itself (although it can be incorporated into one),
> this hasn't been a major concern in the past. However, I understand the
> concern. On the other hand, on what basis would you trust the key used
> to sign the archives and patches?
> > -- > Stephen Smalley > National Security Agency > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <3FAAD11A.9030608@hotmail.com> Date: Thu, 06 Nov 2003 22:54:18 +0000 From: James de Lurker Reply-To: see.the.sig.2.reply.by.email.offlist@hotmail.com MIME-Version: 1.0 To: SELinux@tycho.nsa.gov Subject: Re: Verify the integrity of downloaded archives References: <000001c3a3db$2dad18f0$02000a0a@lady> <200311060111.16197.wlsel@verizon.net> <1068128683.4355.37.camel@moss-spartans.epoch.ncsc.mil> In-Reply-To: <1068128683.4355.37.camel@moss-spartans.epoch.ncsc.mil> Content-Type: text/plain; charset=us-ascii; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Stephen Smalley wrote: > On Thu, 2003-11-06 at 01:11, Bill Laut wrote: [..] >>SELinux gains a wider audience it would be reasonable to anticipate the >>distro eventually getting mirrored at other sites. It already is! I frequently use the "Wiretapped" Australian site as a convenient place that centralises security related stuff. Recommended. ftp://ftp.wiretapped.net/pub/security/operating-systems/selinux/ http://www.wiretapped.net/ >>............................................. Since the use of digital >>signatures as an integrity-check is now commonplace within the Linux >>community, would it be reasonable to start posting signatures on the NSA >>website? A list of MD5s against files, itself wrapped in a digital signature would be extremely useful. 
Authentication is nice, to eliminate the possibility of MiM attacks on ftp delivery (or directly compromised ftp services, as has already happened, with some key open source applications). For the most part, integrity checking against accidental damage rather than malicious tampering is needed.

Even better - "par" Reed Solomon matrix error correction files in the file groups are a great way of checking against storage media degradation. Fix the damage rather than only detect it after downloading a particularly large archive file, or ISO image.

http://parchive.sourceforge.net/

[..]
>...........On the other hand, on what basis would you trust the key used
> to sign the archives and patches?
>

Not perfect, but a "Web of Trust" that incorporated contributors I've met. Russell, to name but one. A separate "site key" that had such authority, with appropriate disclaimers for the NSA's purposes of course...

Reasonably confident that a suitable exchange protocol could be established by private email from the regulars that have met in person, to make remote key signing exchanges of a site signature key viable.

How does that sound?

--
-- James

From and Reply To are INVALID. All public postings use munged headers[1]-
To contact me off list:
1) Remove "M U N G I E j u m p" ONLY: leave that "nospam" in there!
2) change "hotmail" 2 "myrealbox" after the @
From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzswing.ncsc.mil (jazzswing.ncsc.mil [144.51.68.65]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id hA70gQSf021143 for ; Thu, 6 Nov 2003 19:42:26 -0500 (EST) Received: from jazzswing.ncsc.mil (localhost [127.0.0.1]) by jazzswing.ncsc.mil with ESMTP id hA70g11W018577 for ; Fri, 7 Nov 2003 00:42:01 GMT Received: from moss-huskies.epoch.ncsc.mil (moss-huskies.epoch.ncsc.mil [144.51.25.7]) by jazzswing.ncsc.mil with ESMTP id hA70g15e018574 for ; Fri, 7 Nov 2003 00:42:01 GMT Received: from moss-huskies.epoch.ncsc.mil (localhost.localdomain [127.0.0.1]) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8) with ESMTP id hA70gNh9000653 for ; Thu, 6 Nov 2003 19:42:23 -0500 Received: (from hdholm@localhost) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8/Submit) id hA70gN6g000651 for selinux@tycho.nsa.gov; Thu, 6 Nov 2003 19:42:23 -0500 Date: Fri, 7 Nov 2003 11:35:50 +1100 From: Brian May To: SELinux@tycho.nsa.gov Subject: Re: Verify the integrity of downloaded archives Message-ID: <20031107003549.GA10262@snoopy.apana.org.au> References: <1068128683.4355.37.camel@moss-spartans.epoch.ncsc.mil> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Thu, Nov 06, 2003 at 05:15:11PM -0500, Dean Anderson wrote: > Well, you don't have to break into the NSA to alter the NSA downloads. All > Key trust is a matter of time. I see the Stephen's point of view, but I > think the NSA must think that information usually depreciates. In the case > of a public key, it appreciates. A key that was obtained good last month, The longer a public key is available, the more chance attackers have had to steal the corresponding private key... -- Brian May -- This message was distributed to subscribers of the selinux mailing list. 
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Message-Id: <200311070606.hA765u5e029690@jazzswing.ncsc.mil> Reply-To: From: "Operations Staff" To: Subject: RE: Verify the integrity of downloads Date: Thu, 6 Nov 2003 23:05:33 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000E_01C3A4BA.7EE40190" In-Reply-To: <20031107003549.GA10262@snoopy.apana.org.au> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov This is a multi-part message in MIME format. ------=_NextPart_000_000E_01C3A4BA.7EE40190 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable In this case the demand is not high enough to require a mirror. This seems a bit early in the game to focus on. The NSA has excellent connections/servers. I doubt distribution will be a problem anytime soon. =20 Joop Cousteau lite-bulb security team On Thu, Nov 06, 2003 at 05:15:11PM -0500, Dean Anderson wrote: > Well, you don't have to break into the NSA to alter the NSA downloads. = All > Key trust is a matter of time. I see the Stephen's point of view, but = I > think the NSA must think that information usually depreciates. In the = case > of a public key, it appreciates. A key that was obtained good last = month, The longer a public key is available, the more chance attackers have had to steal the corresponding private key... -- Brian May bam@snoopy.apana.org.au ------=_NextPart_000_000E_01C3A4BA.7EE40190 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Re: Verify the integrity of downloaded = archives

------=_NextPart_000_000E_01C3A4BA.7EE40190-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: text/plain; charset="iso-8859-1" From: Bill Laut To: Stephen Smalley Subject: Re: Verify the integrity of downloaded archives Date: Fri, 7 Nov 2003 13:13:32 -0500 Cc: SELinux@tycho.nsa.gov References: <000001c3a3db$2dad18f0$02000a0a@lady> <200311060111.16197.wlsel@verizon.net> <1068128683.4355.37.camel@moss-spartans.epoch.ncsc.mil> In-Reply-To: <1068128683.4355.37.camel@moss-spartans.epoch.ncsc.mil> MIME-Version: 1.0 Message-Id: <200311071313.32442.wlsel@verizon.net> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Thursday 06 November 2003 09:24 am, Stephen Smalley wrote: > On Thu, 2003-11-06 at 01:11, Bill Laut wrote: > > While I'd love to meet a hacker who could successfully break into the > > NSA's website to install a Trojan (;-), Oliver does bring up a good > > point. As SELinux gains a wider audience it would be reasonable to > > anticipate the distro eventually getting mirrored at other sites. Since > > the use of digital signatures as an integrity-check is now commonplace > > within the Linux community, would it be reasonable to start posting > > signatures on the NSA website? > > Possibly. Since we originally released SELinux as a proof of concept / > reference implementation and it has never been intended to be a Linux > distribution unto itself (although it can be incorporated into one), > this hasn't been a major concern in the past. However, I understand the > concern. On the other hand, on what basis would you trust the key used > to sign the archives and patches? > I'm not certain what you mean by "trust." If you're implying a CA like Verisign, no way. Firstly, that would be overkill. 
Secondly, the idea of NSA going to Verisign for credentials is, well, politically distasteful to say the least and would undoubtedly engender all sorts of unintended consequences, political and otherwise.

As to the trustworthiness of the algorithms, I'm not aware of successful published attacks on DSA, et al. The only one that comes to mind is RC5 which IIRC a German cryptographer nearly all but broke back around 1996. If anyone has better knowledge please feel free to post it.

As for "trust" defined by the security of the NSA's website, well, that was why I put the "winking-face" icon after my opening sarcasm: If there's one website that's "hacker-proof," it is the NSA's home page and which is why I and undoubtedly others chuckled at Oliver's innocent cheek.

I understand what you said about SELinux being a research project that was never intended as a Linux distro unto itself. Perhaps my use of "distro" was a poor choice to describe the two-part downloads of the patched kernel and userland archive. Nevertheless, now that it's mainstreamed as of v2.6 SELinux is going to gain a much wider audience and as it does it will explode worldwide throughout the Linux community. (As a former free-lance consultant I haven't seen "bottled lightning" this potent since the Internet achieved critical mass around 1991/92, but that's for another thread.)

While I believe anyone is secure in downloading SELinux from the NSA's website, as Jim mentioned there's already enough interest in it that other websites have begun mirroring SELinux. And therein lies the problem. As SELinux's popularity grows it will eventually come under attack by whoever has an agenda to push, if only because it carries the NSA's imprimatur. If they can't attack it on the NSA's website they'll go to other, less secure mirrors to do so. Therefore, in order to pre-empt all of that I'm questioning if now wouldn't be the appropriate time to consider some sort of digital signing strategy.
Anyway, to finish answering your question concerning key trust: It wouldn't have to be complicated. Perhaps nothing more than just the usual PGP detached signature, one for each download, with the signing done on an air-gapped PC and the public key and sigs distributed on the NSA's website, with the public key included in the patched kernel's Documentation directory as distributed by www.kernel.org and/or maybe uploaded to a number of public keyservers. Does this sound reasonable? Am I forgetting or overlooking anything? Bill -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Russell Coker Reply-To: russell@coker.com.au To: , Subject: Re: Verify the integrity of downloads Date: Sun, 9 Nov 2003 09:08:25 +1100 References: <200311070606.hA765u5e029690@jazzswing.ncsc.mil> In-Reply-To: <200311070606.hA765u5e029690@jazzswing.ncsc.mil> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Message-Id: <200311090908.25422.russell@coker.com.au> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Fri, 7 Nov 2003 17:05, Operations Staff wrote: > In this case the demand is not high enough to require a mirror. > This seems a bit early in the game to focus on. The > NSA has excellent connections/servers. I doubt distribution > will be a problem anytime soon. A letter was published in the November issue of Linux Journal from a user in the Netherlands who complains about never getting access to the NSA web site and who suspects that the Netherlands has been blocked. I don't believe that the Netherlands has been blocked, I had no problems downloading SE Linux files when I lived there and Paul Dwerryhouse (who lives there now) appears not to have any problems. But in any case at least one person has a good cause to want a mirror of the NSA site. 
-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Russell Coker Reply-To: russell@coker.com.au To: Stephen Smalley Subject: Re: Verify the integrity of downloaded archives Date: Sun, 9 Nov 2003 09:16:51 +1100 Cc: SELinux@tycho.nsa.gov References: <000001c3a3db$2dad18f0$02000a0a@lady> <200311060111.16197.wlsel@verizon.net> <1068128683.4355.37.camel@moss-spartans.epoch.ncsc.mil> In-Reply-To: <1068128683.4355.37.camel@moss-spartans.epoch.ncsc.mil> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Message-Id: <200311090916.51612.russell@coker.com.au> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Fri, 7 Nov 2003 01:24, Stephen Smalley wrote: > On Thu, 2003-11-06 at 01:11, Bill Laut wrote: > > While I'd love to meet a hacker who could successfully break into the > > NSA's website to install a Trojan (;-), Oliver does bring up a good > > point. As SELinux gains a wider audience it would be reasonable to > > anticipate the distro eventually getting mirrored at other sites. Since > > the use of digital signatures as an integrity-check is now commonplace > > within the Linux community, would it be reasonable to start posting > > signatures on the NSA website? > > Possibly. Since we originally released SELinux as a proof of concept / > reference implementation and it has never been intended to be a Linux > distribution unto itself (although it can be incorporated into one), > this hasn't been a major concern in the past. However, I understand the > concern. 
On the other hand, on what basis would you trust the key used > to sign the archives and patches?

I think that the correct procedure is for a GPG key to be established for the sole purpose of signing SE Linux releases. Then that key would be signed by keys from you, Howard, and Pete Loscocco (the three NSA people who seem to meet the most people who are in the web of trust). Then once you get your keys signed by a few people I think that everyone will be satisfied by the key integrity.

This is essentially the same procedure that is used for the kernel source signatures on kernel.org.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
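
The checks proposed in the messages above (a checksum list that is itself signed, a detached signature on the download site, and a release key whose fingerprint the user obtained earlier and kept) can be combined as follows; this is an added example, not part of any message in the thread and not code from the SELinux project. The file names `MANIFEST` and `MANIFEST.asc` and all function names are assumptions, the status text is parsed in the form GnuPG prints with `--status-fd`, and the parser goes beyond the MD5 list suggested in the thread by also accepting SHA-256 lists in the same md5sum-style layout.

```python
import hashlib
import os
import subprocess
import sys

# Hex digest length -> hashlib name, so one parser reads md5sum and sha256sum lists.
ALGO_BY_HEXLEN = {32: "md5", 64: "sha256"}
# GnuPG status keywords that disqualify a signature even when VALIDSIG is present
# (VALIDSIG is also emitted for signatures made by expired or revoked keys).
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
HEXDIGITS = set("0123456789abcdefABCDEF")


def parse_manifest(text):
    """Parse '<hex>  <name>' or '<hex> *<name>' lines into {name: (algo, hex)}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, sep, rest = line.partition(" ")
        if not sep or len(rest) < 2 or rest[0] not in " *":
            raise ValueError(f"line {lineno}: expected '<digest>  <name>'")
        name = rest[1:]
        algo = ALGO_BY_HEXLEN.get(len(digest))
        if algo is None or not set(digest) <= HEXDIGITS:
            raise ValueError(f"line {lineno}: unrecognised digest")
        # A manifest fetched from a mirror must never name files outside the
        # download directory, whatever its signature says.
        if os.path.isabs(name) or ".." in name.replace("\\", "/").split("/"):
            raise ValueError(f"line {lineno}: unsafe path {name!r}")
        if name in entries:
            raise ValueError(f"line {lineno}: duplicate entry {name!r}")
        entries[name] = (algo, digest.lower())
    return entries


def verify_files(entries, base_dir):
    """Hash each listed file under base_dir; return {name: 'ok'|'mismatch'|'missing'}."""
    results = {}
    for name, (algo, expected) in entries.items():
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        h = hashlib.new(algo)
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        results[name] = "ok" if h.hexdigest() == expected else "mismatch"
    return results


def signed_by_pinned_key(status_text, pinned_fpr):
    """True only if gpg reported a good signature made by the pinned primary key."""
    pinned = pinned_fpr.replace(" ", "").upper()
    good, signers = False, set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in REJECT:
            return False
        if parts[1] == "GOODSIG":
            good = True
        elif parts[1] == "VALIDSIG" and len(parts) >= 3:
            # Field 3 is the signing (sub)key; the 10th argument, when present,
            # is the primary key fingerprint, which is what gets pinned.
            signers.add((parts[11] if len(parts) >= 12 else parts[2]).upper())
    return good and signers == {pinned}


def gpg_status(sig_path, data_path):
    """Run gpg on a detached signature and return its machine-readable status."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True, check=False)
    return proc.stdout


def check_release(base_dir, pinned_fpr, manifest="MANIFEST", sig="MANIFEST.asc"):
    """Check the signature on the manifest first, then every file it lists."""
    manifest_path = os.path.join(base_dir, manifest)
    status = gpg_status(os.path.join(base_dir, sig), manifest_path)
    if not signed_by_pinned_key(status, pinned_fpr):
        raise RuntimeError("manifest is not signed by the pinned release key")
    with open(manifest_path, encoding="utf-8") as fh:
        return verify_files(parse_manifest(fh.read()), base_dir)


if __name__ == "__main__":
    # usage: script <download-dir> <fingerprint recorded when the key was first obtained>
    for name, state in check_release(sys.argv[1], sys.argv[2]).items():
        print(f"{state:9} {name}")
```

Comparing against a fingerprint recorded earlier, rather than whatever key arrives alongside the download, is what makes a mirror or an intermediary unable to substitute both the archive and its signature.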
From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzswing.ncsc.mil (jazzswing.ncsc.mil [144.51.68.65]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id hACEtQSf013196 for ; Wed, 12 Nov 2003 09:55:26 -0500 (EST) Received: from jazzswing.ncsc.mil (localhost [127.0.0.1]) by jazzswing.ncsc.mil with ESMTP id hACEstBb028359 for ; Wed, 12 Nov 2003 14:54:55 GMT Received: from moss-huskies.epoch.ncsc.mil (moss-huskies.epoch.ncsc.mil [144.51.25.7]) by jazzswing.ncsc.mil with ESMTP id hACEst4o028354 for ; Wed, 12 Nov 2003 14:54:55 GMT Received: from moss-huskies.epoch.ncsc.mil (localhost.localdomain [127.0.0.1]) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8) with ESMTP id hACEtIh9018927 for ; Wed, 12 Nov 2003 09:55:18 -0500 Received: (from hdholm@localhost) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8/Submit) id hACEtI52018925 for selinux@tycho.nsa.gov; Wed, 12 Nov 2003 09:55:18 -0500 Date: Mon, 10 Nov 2003 20:05:05 -0500 (EST) From: Dean Anderson To: Russell Coker cc: nmcc@verysmartpeople.net, Subject: Re: Verify the integrity of downloads In-Reply-To: <200311090908.25422.russell@coker.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Certain ISPs in the Netherlands permit scanning that other ISPs think is inappropriate. Thus, said ISPs are blocked from entering the US by certain American ISPs. This could affect the NSA public sites, I suppose. On the other hand, it could the user's ISP that is blocking the NSA... One used to be able to tell where the block was by the ICMP error return, but some many ISPs are blocking ICMP these days that it is hard to tell what is wrong, or where. --Dean On Sun, 9 Nov 2003, Russell Coker wrote: > On Fri, 7 Nov 2003 17:05, Operations Staff wrote: > > In this case the demand is not high enough to require a mirror. > > This seems a bit early in the game to focus on. The > > NSA has excellent connections/servers. 
I doubt distribution > > will be a problem anytime soon. > > A letter was published in the November issue of Linux Journal from a user in > the Netherlands who complains about never getting access to the NSA web site > and who suspects that the Netherlands has been blocked. > > I don't believe that the Netherlands has been blocked, I had no problems > downloading SE Linux files when I lived there and Paul Dwerryhouse (who lives > there now) appears not to have any problems. > > But in any case at least one person has a good cause to want a mirror of the > NSA site. > > -- > http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages > http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark > http://www.coker.com.au/postal/ Postal SMTP/POP benchmark > http://www.coker.com.au/~russell/ My home page > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. 
From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzband.ncsc.mil (jazzband.ncsc.mil [144.51.5.4]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id hACNx6Sf016434 for ; Wed, 12 Nov 2003 18:59:06 -0500 (EST) Received: from jazzband.ncsc.mil (localhost [127.0.0.1]) by jazzband.ncsc.mil with ESMTP id hACNx5qY020506 for ; Wed, 12 Nov 2003 23:59:05 GMT Received: from moss-huskies.epoch.ncsc.mil (moss-huskies.epoch.ncsc.mil [144.51.25.7]) by jazzband.ncsc.mil with ESMTP id hACNx50o020503 for ; Wed, 12 Nov 2003 23:59:05 GMT Received: from moss-huskies.epoch.ncsc.mil (localhost.localdomain [127.0.0.1]) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8) with ESMTP id hACNx4h9019709 for ; Wed, 12 Nov 2003 18:59:04 -0500 Received: (from hdholm@localhost) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8/Submit) id hACNx4eV019707 for selinux@tycho.nsa.gov; Wed, 12 Nov 2003 18:59:04 -0500 From: Russell Coker Reply-To: russell@coker.com.au To: Dean Anderson Subject: Re: Verify the integrity of downloads Date: Thu, 13 Nov 2003 10:54:48 +1100 Cc: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Message-Id: <200311131054.48634.russell@coker.com.au> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Tue, 11 Nov 2003 12:05, Dean Anderson wrote: > Certain ISPs in the Netherlands permit scanning that other ISPs think is > inappropriate. Thus, said ISPs are blocked from entering the US by > certain American ISPs. This could affect the NSA public sites, I suppose. Every ISP that has any customers permits scanning that some ISPs won't like. If you lock down customers too much they go elsewhere. The solution to such problems is to avoid getting hosting through American ISPs that put in stupid filters. > On the other hand, it could the user's ISP that is blocking the NSA... Unlikely. Blocking web servers makes the ISP an "editor" of the Internet content (and therefore legally liable to some degree for what they don't censor). 
This is why hardly any ISPs block the truly objectionable material.

> One used to be able to tell where the block was by the ICMP error return,
> but some many ISPs are blocking ICMP these days that it is hard to tell
> what is wrong, or where.

If we got in contact with the person who reported this problem then we could probably track it down in a small amount of time. The real problem here is that we don't even have contact with the person who had the problem (and lots of people want to download SE Linux without identifying themselves, so presumably they aren't the only one).

For the record anyone who has problems downloading SE Linux related files from the NSA site can contact me by email or IRC (I am usually on #selinux on irc.freenode.net) and I'll help track it down.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzswing.ncsc.mil (jazzswing.ncsc.mil [144.51.68.65]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id hAD0FDSf016526 for ; Wed, 12 Nov 2003 19:15:13 -0500 (EST) Received: from jazzswing.ncsc.mil (localhost [127.0.0.1]) by jazzswing.ncsc.mil with ESMTP id hAD0ElBb011885 for ; Thu, 13 Nov 2003 00:14:47 GMT Received: from moss-huskies.epoch.ncsc.mil (moss-huskies.epoch.ncsc.mil [144.51.25.7]) by jazzswing.ncsc.mil with ESMTP id hAD0El4o011882 for ; Thu, 13 Nov 2003 00:14:47 GMT Received: from moss-huskies.epoch.ncsc.mil (localhost.localdomain [127.0.0.1]) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8) with ESMTP id hAD0FCh9019737 for ; Wed, 12 Nov 2003 19:15:12 -0500 Received: (from hdholm@localhost) by moss-huskies.epoch.ncsc.mil (8.12.8/8.12.8/Submit) id hAD0FCRc019735 for selinux@tycho.nsa.gov; Wed, 12 Nov 2003 19:15:12 -0500 Subject: Re: Verify the integrity of downloads From: Howard Holm To: Russell Coker Cc: Dean Anderson , SELinux@tycho.nsa.gov In-Reply-To: <200311131054.48634.russell@coker.com.au> References: <200311131054.48634.russell@coker.com.au> Content-Type: text/plain Message-Id: <1068682234.8301.85.camel@moss-huskies> Mime-Version: 1.0 Date: 12 Nov 2003 19:10:34 -0500 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov I'm sure Russell would do his best to help, but if you contact me, I might be able to be of more immediate help. Of course, if you are having trouble reaching NSA's web servers you may also be having trouble reaching our mail servers. If my primary e-mail address (below) isn't working for you, you're welcome to try hdholm@users.sourceforge.net. On Wed, 2003-11-12 at 18:54, Russell Coker wrote: > For the record anyone who has problems downloading SE Linux related files from > the NSA site can contact me by email or IRC (I am usually on #selinux on > irc.freenode.net) and I'll help track it down. 

--
Howard Holm
Office of Defensive Computing Research
National Security Agency

From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Fri, 14 Nov 2003 16:59:58 -0500 (EST)
From: Dean Anderson
To: Russell Coker
cc: SELinux@tycho.nsa.gov
Subject: Re: Verify the integrity of downloads
In-Reply-To: <200311131054.48634.russell@coker.com.au>

On Thu, 13 Nov 2003, Russell Coker wrote:

> On Tue, 11 Nov 2003 12:05, Dean Anderson wrote:
> > Certain ISPs in the Netherlands permit scanning that other ISPs think is
> > inappropriate. Thus, said ISPs are blocked from entering the US by
> > certain American ISPs. This could affect the NSA public sites, I suppose.
>
> Every ISP that has any customers permits scanning that some ISPs won't
> like. If you lock down customers too much they go elsewhere.
> The solution to such problems is to avoid getting hosting through American
> ISPs that put in stupid filters.

Well, Av8 doesn't have any such customers. Few ISPs do. And mostly, the ISPs that have such customers respond positively to complaints about such scanning, and make the customers knock it off. Some certain Netherlands ISPs do not.

I would offer to be a mirror site, but very likely, we are also blocking this Netherlands ISP, or will be soon. Probably the solution is to avoid getting service through a Netherlands ISP that permits this scanning.

It should not be overlooked that the purpose of this scanning is to obtain information and/or crash computers, or contact virus-infected machines. There is no legitimate purpose to this scanning activity. At best it is mischief and frequently, it is criminal.

> > On the other hand, it could be the user's ISP that is blocking the NSA...
>
> Unlikely. Blocking web servers makes the ISP an "editor" of the Internet
> content (and therefore legally liable to some degree for what they don't
> censor). This is why hardly any ISPs block the truly objectionable
> material.

The "editor"-ness would be true of either ISP. Why is it more likely for one ISP to be blocking than for the other ISP to be blocking? I left out the case that it might be an ISP in the middle. But that is also possible.

But since the Netherlands ISP doesn't have to worry about US law, and presumably doesn't have to worry about the editing of content from the US government, it seems to me that of the (minimum) two ISPs involved, the Netherlands ISP probably has the least liability for blocking.

> > One used to be able to tell where the block was by the ICMP error
> > return, but so many ISPs are blocking ICMP these days that it is
> > hard to tell what is wrong, or where.
>
> If we got in contact with the person who reported this problem then we
> could probably track it down in a small amount of time.
> The real problem here is that we don't even have contact with the person
> who had the problem (and lots of people want to download SE Linux without
> identifying themselves, so presumably they aren't the only one).

True enough. That is why most ISPs don't accept abuse reports that don't identify the parties involved. Certain anti-s*am sites send abuse reports in which the victim's address is removed.

--Dean

From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: Verify the integrity of downloads
From: Howard Holm
To: selinux@tycho.nsa.gov
Cc: Russell Coker, Dean Anderson
Message-Id: <1068849068.22325.16.camel@moss-huskies>
Date: 14 Nov 2003 17:31:08 -0500

We're starting to drift a little off topic folks. If you have comments specific to accessing SELinux or verifying SELinux downloads, great. But let's take the more general discussion of ISP blocking, scanning, etc. elsewhere. Thanks.

--
Howard Holm
Office of Defensive Computing Research
National Security Agency