X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=ITU/9JdQOwLWF2/z5SqUZyt1qBgR3UXez/4y+smjayACoLyydHNzb
	2bHQmhUUk6iAcg4SJMgzbRrzmS8xJtqh4//F2o6FGY5uBBGdoZrxfq5/Fz84/bTf
	7CLaQ0LPaDK5rFc/HzX81/cYAN4rAjg52V62IwImZg7lSdJldfxCDk=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	bh=iIthtFy9LradoUepD/cS7jggDh4=; b=YTHmtiy5gM9r4FlZSiDyONMEFOYU
	1+nigr+igIcModjMJPtyjoQGoFlb8Yqza6tVScVIHk1thw6RZeFusZei66Qswhz+
	xggjw4JZ+77Wz9QgLjKJiZDuaDxw/mbUx3FGPr1sKd3iVs8Xtl/Ojg2KcqC9Gnsq
	7wreIAgmegSbFYw=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO:	calimero.vinschen.de
Date:	Wed, 1 Apr 2015 10:30:14 +0200
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks
Message-ID:	<20150401083014.GC493@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<E1Yd0aB-0002gt-Gs AT rmm6prod02 DOT runbox DOT com>
MIME-Version:	1.0
In-Reply-To:	<E1Yd0aB-0002gt-Gs@rmm6prod02.runbox.com>
User-Agent:	Mutt/1.5.23 (2014-03-12)

--LwW0XdcUbUexiWVK
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar 31 14:08, David A. Wheeler wrote:
> Signed-off-by: David A. Wheeler <dwheeler AT dwheeler DOT com>
> ---
>  winsup/doc/faq-setup.xml | 129 +++++++++++++++++++++++++++++++++++++++++=
+++++-
>  1 file changed, 128 insertions(+), 1 deletion(-)

Ok, it's review time.

First things first, a patch should come with a plain text ChangeLog
entry.  See the ChangeLog file in winsup/doc for examples.  Don't add
the ChangeLog entry to the diffs, just add it verbatim to the mail.

> diff --git a/winsup/doc/faq-setup.xml b/winsup/doc/faq-setup.xml
> index 614d4a9..3764214 100644
> --- a/winsup/doc/faq-setup.xml
> +++ b/winsup/doc/faq-setup.xml
> @@ -156,6 +156,128 @@ and that installing the older version will not help=
 improve Cygwin.
>  </para>
>  </answer></qandaentry>
>=20=20
> +<qandaentry id=3D"faq.setup.mitm">
> +<question><para>How does Cygwin counter man-in-the-middle (MITM) attacks=
 during installation and upgrade?</para></question>
> +<answer>

The title is too specific, IMHO.  What about something along the lines
of "How Cygwin secures the installation process"?

> +<para>
> +A man-in-the-middle (MITM) attack occurs when an attacker secretly relay=
s and
> +possibly alters the communication between two parties
> +who believe they are directly communicating with each other.
> +Here is how Cygwin counters man-in-the-middle (MITM) attacks
> +during installation and update (including enough details so
> +technical people can confirm it):
> +</para>

I would drop this para.  Just refer to=20
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
at some convenient point in the following para.

> +[...]
> +<para>
> +Up through 2015 Cygwin used the MD5 algorithm for cryptographic hashes.
> +Cygwin used both MD5 and length checks, which makes some attacks harder
> +than if Cygwin used only MD5,
> +but MD5 is no longer considered a secure cryptographic hash algorithm.
> +The 2015-02-06 update of the setup program
> +added support for the SHA-512 cryptographic hash algorithm for
> +sigining the <literal>setup.ini</literal> package list, as described in
> +<ulink url=3D"https://cygwin.com/ml/cygwin/2015-02/msg00093.html"/>.
> +The announcement also noted that there will be a switch to SHA-512
> +checksums in the <literal>setup.ini</literal> files.
> +There are no known practical exploits of SHA-512 (SHA-512 is part of the
> +widely-used SHA-2 suite of cryptographic hashes).
> +</para>
> +</answer></qandaentry>

We already switched to sha512, so you can skip the entire MD5
consideration.  Just describe the sha512 checking.

All in all the text looks good to me.  You're not interested to improve
other parts of the documentation as well, by any chance? :)


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--LwW0XdcUbUexiWVK
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVG6yWAAoJEPU2Bp2uRE+gYX8P/3q8g5VcS7iv9ysbhelSAe+E
AG9wYCZHI89u/vnHW5d0jXDUQ6YiDjafF32o56u/AJVVenAXzChCFt0h9R3eId7R
UkueddJ7K9p6dtGml4U+MOfJplfT239WiJYZjYo9AY7ppmQdlXZsWGIQOoSYI8WJ
gExsMlh63OKcTYdomwjohLvaCeoBbyN9brBEHRBUftiIdR2Cr4fK93SHx/i7bC0C
E8BNucE+W1tzyKzqUFspOTxuWJfM0EuEd5betLSyElohtgjc/oX2+Co/cKTycRar
Qnwtb5m5zdTN7vfR5ZLONtErEXr+OB1+rHlCVP/i7guFu6vdZ1x5CAebSkZTQRsG
XB6QpGIDSR1JzBdb3l2XvsRHoI2NNVEP23+Cxlui98jDeSs9grYJ4xmno2ECclOI
arCSbQ0fKsP2w7KRr4m0hoj3qPVz0zWYod/Tq8unhwV+R9rzm15kR2C/Chx14O/b
wo3hgrmMgwHdgmOyH58tolGmjkSATodSb+Ux6/a1zRfyR3Dhp/voB4gyIeUBJgHN
IGH1zhkiqucVO1oEVtcFC+4kkCpHx6yrlFxYD3RTUEyTCYuRZGkxJ/Z2FiPpLW+w
/Zi9X+8E2qp42MCm6HG3jfWTE1lbVbMtjKf/IA7Xqdn597D7JZDvnJMUaKbH+QVu
ZvCloUAOaFLZs/IpkIo3
=4XG2
-----END PGP SIGNATURE-----

--LwW0XdcUbUexiWVK--

- Raw text -