Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp499031ybh; Sun, 12 Jul 2020 13:16:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxcfG3bYhpL2waOUY3NvW6P5cCPB/MKlinei/aJslCnzcANiPN4YLwo44yWO4HPrDtlScSu X-Received: by 2002:a05:6402:3138:: with SMTP id dd24mr89933920edb.118.1594584971675; Sun, 12 Jul 2020 13:16:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594584971; cv=none; d=google.com; s=arc-20160816; b=w0XjEnl9pq8CAc752aA3u0sSNsW5pmIJBtM5SUH9e06KXB2TSBZp95UXDGt7DSFYP2 EBGLQk7mI20drg3VyygWM7QCVCszCpQ7rST6bg37L+wQS9ZA3wPldFR60nGRDOWcAjja ieN1TeEXCK3+HP8a8t8zlWaFqmBfdpzfurSUZCI+b72wmoLCYlVmS5J5NjWVTzVFStte ZdKfDE2TdcFq2aeGv62U14guze2Psm0p/rN52ZbLHB1uCClAtF1XkjgMJEBI7mDmMqjw 48a2WLkxOEhBe/KaxL8qP+8sdyjFDo4Z1jrrIB3/sHFotDNvrTpl4yymnv+8Nz8w+hV0 wxKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:date:message-id:cc:from :references:to:subject; bh=I50zgZfFf9gGrXq0Dxm4LM4YLNplOg4KYl6DLmixM/o=; b=vokLpq46iu2QFKCCGZeqaiBuP2S2KdIk9PNopSGGv+DnClqqDvPARPmWQ6tgMbCHna 2zPBtn/sEzDhHof+ndxIn5StOGpkWA32kuXvVlfziKyTACh70d3prHyTMf6Ioc6zN66P UM+MOXBf9oGqrZqYNPpUrX6PBl7ZRj0/k266hCMr6YxeT4OgaYnYFmi4Y0/dYgFdr9wU QEF1yx/2NfPBLaNYNbl87x92wu0qLsP/UWpNum1h96tSKLaFOyu8Om6h7jLtyLJd5Gl/ MZXAhggjPr1ZO84C+rkHY0jMoyEURdtIWABxE2wY8plg8rUs5wF5bDazdiuFdB2OyZEC 1/wA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c11si8354201edv.140.2020.07.12.13.15.46; Sun, 12 Jul 2020 13:16:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729397AbgGLUPf (ORCPT + 99 others); Sun, 12 Jul 2020 16:15:35 -0400 Received: from smtp.al2klimov.de ([78.46.175.9]:55250 "EHLO smtp.al2klimov.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729012AbgGLUPf (ORCPT ); Sun, 12 Jul 2020 16:15:35 -0400 Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by smtp.al2klimov.de (Postfix) with ESMTPA id 9124ABC07E; Sun, 12 Jul 2020 20:15:30 +0000 (UTC) Subject: Re: [PATCH] SCSI RDMA PROTOCOL (SRP) TARGET: Replace HTTP links with HTTPS ones To: Bart Van Assche , dledford@redhat.com, jgg@ziepe.ca, linux-rdma@vger.kernel.org, target-devel@vger.kernel.org, linux-kernel@vger.kernel.org References: <20200709194820.27032-1-grandmaster@al2klimov.de> <3d230abd-752e-8ac1-e18d-b64561b409ff@acm.org> <8fca4633-41ad-7e86-2354-36381bf5c734@al2klimov.de> From: "Alexander A. Klimov" Cc: Jonathan Corbet , Linus Torvalds , David Miller , Greg KH Message-ID: Date: Sun, 12 Jul 2020 22:15:29 +0200 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Authentication-Results: smtp.al2klimov.de; auth=pass smtp.auth=aklimov@al2klimov.de smtp.mailfrom=grandmaster@al2klimov.de X-Spamd-Bar: / Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am 12.07.20 um 21:52 schrieb Bart Van Assche: > On 2020-07-10 11:12, Alexander A. Klimov wrote: >> Am 10.07.20 um 16:22 schrieb Bart Van Assche: >>> On 2020-07-09 12:48, Alexander A. Klimov wrote: >>>> diff --git a/drivers/infiniband/ulp/srpt/Kconfig b/drivers/infiniband/ulp/srpt/Kconfig >>>> index 4b5d9b792cfa..f63b34d9ae32 100644 >>>> --- a/drivers/infiniband/ulp/srpt/Kconfig >>>> +++ b/drivers/infiniband/ulp/srpt/Kconfig >>>> @@ -10,4 +10,4 @@ config INFINIBAND_SRPT >>>>         that supports the RDMA protocol. Currently the RDMA protocol is >>>>         supported by InfiniBand and by iWarp network hardware. More >>>>         information about the SRP protocol can be found on the website >>>> -      of the INCITS T10 technical committee (http://www.t10.org/). >>>> +      of the INCITS T10 technical committee (https://www.t10.org/). >>> >>> It is not clear to me how modifying an URL in a Kconfig file helps to >>> reduce the attack surface on kernel devs? >> >> Not on all, just on the ones who open it. > > Is changing every single HTTP URL in the kernel into a HTTPS URL the best > solution? Is this the only solution? Has it been considered to recommend > kernel developers who are concerned about MITM attacks to install a browser > extension like HTTPS Everywhere instead? I've installed that addon myself. But IMAO it's just a workaround which is (not available to all browsers, not installed by default in any of them and) not even 100% secure unless you tick a particular checkbox. Anyway the majority of maintainers and Torvalds himself agree with my solution. I mean, just look at git log '--author=Alexander A. Klimov ' \ --oneline v5.7..master Or (better) wait for v5.9-rc1 (and all the yet just applied patches it will consist of) *and then* run the command. > > Thanks, > > Bart. >