[wp-trac] [WordPress Trac] #18577: Updates and downloads should be signed or delivered securely
WordPress Trac
noreply at wordpress.org
Tue Jul 30 12:17:35 UTC 2013
#18577: Updates and downloads should be signed or delivered securely
-----------------------------+------------------------------
Reporter: wplid | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
-----------------------------+------------------------------
Comment (by dd32):
> The question is whether we care enough.

And that's the key.

If we really care about this, it has to be 100% or nothing in my mind. If
we just use SSL when available, a MITM attack could render the HTTPS
requests inoperable, triggering a fallback condition.

The fallback options are either plain HTTP (which would be the most compat
and user-friendly option) or a non-user-friendly "Sorry, go do it
yourself" option - and let's face it, those on servers which cannot do
HTTPS connections are generally going to be the people who need
auto-updates in the first place.

Although we want to / need to verify the packages, I personally hold user
experience higher than a potential MITM attack on a server which the user
probably doesn't control.

> This is possible in PHP userland with something like phpseclib and
> means we can avoid rolling our own for the most part.

Just saying in passing, phpseclib is also used by the plugin which
replaces core's php_ssh2 update transport with a pure PHP transport method
for 100% server compatibility.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18577#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
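
Added example (not part of the original message and not WordPress code): a small Python model of the fallback concern raised in the comment above, comparing "SSL when available", HTTPS-only, and fallback with package verification. The fetch function, the package bytes and the pinned SHA-256 digest (a stand-in for a real signature check such as one built on phpseclib) are constructed assumptions.

```python
import hashlib

# Constructed sample data, not real WordPress packages.
GENUINE = b"update-package-contents (constructed sample)"
TAMPERED = b"attacker-modified contents (constructed sample)"
# Stand-in for a signature check: digest assumed to reach the client out of band.
TRUSTED_SHA256 = hashlib.sha256(GENUINE).hexdigest()


class TransportError(Exception):
    """Raised when a connection cannot be established."""


def make_network(mitm_present):
    """Hypothetical network model: returns fetch(scheme) -> bytes.

    With an on-path attacker, HTTPS connections fail and HTTP bodies are replaced.
    """
    def fetch(scheme):
        if scheme == "https":
            if mitm_present:
                raise TransportError("TLS connection failed")
            return GENUINE
        return TAMPERED if mitm_present else GENUINE
    return fetch


def update_with_fallback(fetch):
    """'SSL when available': any HTTPS failure silently retries over HTTP."""
    try:
        return fetch("https")
    except TransportError:
        return fetch("http")


def update_https_only(fetch):
    """'100% or nothing': an HTTPS failure aborts; None means update by hand."""
    try:
        return fetch("https")
    except TransportError:
        return None


def update_fallback_verified(fetch, trusted_sha256=TRUSTED_SHA256):
    """HTTP fallback kept, but a package failing verification is discarded."""
    package = update_with_fallback(fetch)
    if hashlib.sha256(package).hexdigest() != trusted_sha256:
        return None
    return package
```

In this model only the plain fallback policy hands altered bytes to the installer; the other two turn the same network condition into a failed update.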