Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp996264ybh; Mon, 13 Jul 2020 06:51:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzo6Pmr2n1yln+/hyvOoFRcuiQi8puyBdIHjt5kXdpZ9iLICVlkRa/5ZBfQqw05D+uYpnmx X-Received: by 2002:a17:907:11ce:: with SMTP id va14mr63308184ejb.189.1594648294842; Mon, 13 Jul 2020 06:51:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594648294; cv=none; d=google.com; s=arc-20160816; b=nBaiec6mjx8rnUGM2GPW9Kc9/LeGyEWukFFx6xilZoaUI1HQEuvTO5aXKLrVTkV3yb pyK5FXsp0a3QjmI3Y0xgKlwtqeA5D4QJQWH98+uyPOqiacD+6EpUlGyxMIKgYglAYE7N rxa/e6H625BRoVeog0R6RyfNaukxIGshN7wucxiq/MV+WENV0+KHfKpJJGQg9PSuVShA qOT8ro0LW0vXlMPgwm6cgGJtQWaVoFIsaBgaW6+AI3igNRlZdAMjuuhmr6croDAvpIJL eprTiDfh6Pn20Rdrj/sIC/fxIfHFhevVUHciBCwIRe6m5vNOyNVUmH2ulzFs6ErP5bxd c5Tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=vlrDlUYUKGml5UggZTrPldaeCrJJpueT2vaP2F68WPk=; b=DKbS9mS3LvbSfOnqru7XEQj/9SVXVoAnFdHEJD2LAF4oQqFZ0+jMu/eFiIFDM8grl6 SJj07L6Rm7+5O5V1fEzDWHIL+wvPpJ3imnVNfFVMEVxyHKm+shxNj84ueBXff/oCJMvm XyMSU3EITLz8lcHshUmQwv0ADGl82MHyH/0+uHC8N4zlEhaV/9/8Q8py08UkRhhXnwjd oIxjYYlO9j4P93V8X7XhdKHNc0R2b6ZXsRB8z+A1/mGy8o2w/88Mm/BcdP4KOpeMI4HM 9fcEs9Uwcf87fGFl87/WxuRvtwoYgxVOV7UnW0y2a/rCjI4A8GxPIMwMBrYYrKqpoqzE Ss/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ziepe.ca header.s=google header.b=CMkxtAGi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g13si8433224edy.128.2020.07.13.06.51.11; Mon, 13 Jul 2020 06:51:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ziepe.ca header.s=google header.b=CMkxtAGi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729969AbgGMNug (ORCPT + 99 others); Mon, 13 Jul 2020 09:50:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51846 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729873AbgGMNue (ORCPT ); Mon, 13 Jul 2020 09:50:34 -0400 Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com [IPv6:2607:f8b0:4864:20::843]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F34C6C061794 for ; Mon, 13 Jul 2020 06:50:33 -0700 (PDT) Received: by mail-qt1-x843.google.com with SMTP id g13so9916337qtv.8 for ; Mon, 13 Jul 2020 06:50:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ziepe.ca; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=vlrDlUYUKGml5UggZTrPldaeCrJJpueT2vaP2F68WPk=; b=CMkxtAGi5opCIFDLDXatbH+st+eB5Ijn5qpYvzvMWfQ90tknvaEy3MWVjkhemIW8eG U5/7yxTthqhhWaMF/SpDUkLPGfC8wmS+ZoPJxCjfWU4vs+KvgGotLhm8u/F79uArh6vf 1Ds0opoMWMhCcpz6uuq1Ant+g33AgkPod8rY6ovOdjQnv8ZkjVJBbP5HvcAIVonbgi6+ 940mziew1e1lRJYw16UpuD1W1jd+ofNNjVqHZvyIf8Dxe0jyq4mjBrXTtjfA4Gy45JyL mxhnBofUAvf8q4M4qCdC5UnJ4rTOMRmGIXxgyz/SWGDdf5yxktbW9ueC4//mrcduf65f sCDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=vlrDlUYUKGml5UggZTrPldaeCrJJpueT2vaP2F68WPk=; b=AmAF9bMgC5igplKHaPRmKjQ7o9uUCkf+tbIdrRUjrmdPD/zMwr595I5w94Rsa8czCh 3PyOScg92B+GtgflN4vM+He63xDY8dmEHEld95Ja9PvytUrtyfa+nSdNAT6JOAw9lDdi n2My9RXJDEkJ3+WSy5mQwxTqQb0k8KTz/cyfBww1otpsLkX8Bbp/ckVgUEdY1An5tc5q J8syqF7c81nxv/bYTKtmh0BFz44sNfpK63OZV3HTY/mGL1U5Z41vaqsw/rKl7iS3LzCK UwizW2vu60anx6gOdf9idB9vLbD+Y6QWPz4EY1WBcibnvHGR/RL6Ly5Od8GWMtkkgFjn qwgQ== X-Gm-Message-State: AOAM531wr3XDh9JaiSAIUCVJj25C9ZZXAnrO6bUJFyhXFxYXw99h6x2o 60rnH9yWT4IIiSFdmPELYi5HY3asTe3ZWg== X-Received: by 2002:ac8:4588:: with SMTP id l8mr85227289qtn.189.1594648232276; Mon, 13 Jul 2020 06:50:32 -0700 (PDT) Received: from ziepe.ca (hlfxns017vw-156-34-48-30.dhcp-dynamic.fibreop.ns.bellaliant.net. [156.34.48.30]) by smtp.gmail.com with ESMTPSA id a185sm18070623qkg.3.2020.07.13.06.50.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Jul 2020 06:50:31 -0700 (PDT) Received: from jgg by mlx with local (Exim 4.93) (envelope-from ) id 1juyql-009hrJ-6b; Mon, 13 Jul 2020 10:50:31 -0300 Date: Mon, 13 Jul 2020 10:50:31 -0300 From: Jason Gunthorpe To: "Alexander A. Klimov" Cc: Bart Van Assche , dledford@redhat.com, linux-rdma@vger.kernel.org, target-devel@vger.kernel.org, linux-kernel@vger.kernel.org, Jonathan Corbet , Linus Torvalds , David Miller , Greg KH Subject: Re: [PATCH] SCSI RDMA PROTOCOL (SRP) TARGET: Replace HTTP links with HTTPS ones Message-ID: <20200713135031.GA25301@ziepe.ca> References: <20200709194820.27032-1-grandmaster@al2klimov.de> <3d230abd-752e-8ac1-e18d-b64561b409ff@acm.org> <8fca4633-41ad-7e86-2354-36381bf5c734@al2klimov.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jul 12, 2020 at 10:15:29PM +0200, Alexander A. Klimov wrote: > > > Am 12.07.20 um 21:52 schrieb Bart Van Assche: > > On 2020-07-10 11:12, Alexander A. Klimov wrote: > > > Am 10.07.20 um 16:22 schrieb Bart Van Assche: > > > > On 2020-07-09 12:48, Alexander A. Klimov wrote: > > > > > diff --git a/drivers/infiniband/ulp/srpt/Kconfig b/drivers/infiniband/ulp/srpt/Kconfig > > > > > index 4b5d9b792cfa..f63b34d9ae32 100644 > > > > > +++ b/drivers/infiniband/ulp/srpt/Kconfig > > > > > @@ -10,4 +10,4 @@ config INFINIBAND_SRPT > > > > >         that supports the RDMA protocol. Currently the RDMA protocol is > > > > >         supported by InfiniBand and by iWarp network hardware. More > > > > >         information about the SRP protocol can be found on the website > > > > > -      of the INCITS T10 technical committee (http://www.t10.org/). > > > > > +      of the INCITS T10 technical committee (https://www.t10.org/). > > > > > > > > It is not clear to me how modifying an URL in a Kconfig file helps to > > > > reduce the attack surface on kernel devs? > > > > > > Not on all, just on the ones who open it. > > > > Is changing every single HTTP URL in the kernel into a HTTPS URL the best > > solution? Is this the only solution? Has it been considered to recommend > > kernel developers who are concerned about MITM attacks to install a browser > > extension like HTTPS Everywhere instead? > I've installed that addon myself. > But IMAO it's just a workaround which is (not available to all browsers, not > installed by default in any of them and) not even 100% secure unless you > tick a particular checkbox. > > Anyway the majority of maintainers and Torvalds himself agree with my > solution. > > I mean, just look at > git log '--author=Alexander A. Klimov ' \ > > Or (better) wait for v5.9-rc1 (and all the yet just applied patches it will > consist of) *and then* run the command. Well, if you are going to do this please send just one patch for all of drivers/infiniband/ and include/rdma I don't need to see it broken up any more than that Jason