Nmap Development mailing list archives

Re: Updater Proposal
From: ricec2 () rpi edu
Date: Thu, 19 May 2011 12:50:32 -0400



All the discussion so far, as I can see (sorry if I missed anything)
is about how to make sure that the whole update process is secure, but
I didn't see any discussion on the performance on the update servers
that this could have. Currently there are a lot of nmap users out there
and when they all start to run the version of nmap that will support
autoupdates/upgrades the amount of the traffic generated could be
significant. Maybe a thought of a different transport mechanism to
spread the load of the updates - torrent for example or something
similar.
Just an idea to think about.

Thanks for your suggestions. I'm glad this topic has provoked some
discussion and I know that Colin is paying attention to your ideas.

I've asked Colin not to worry about things like binary diffs and the
size of updates for the time being. Those are big topics on their own
and I fear that optimizing for them too early will hinder the
development of something that works. I think our priorities should be
first safety, then performance.

This may mean downloading a subset of the available files (but whole
files) quite frequently, or downloading all the files somewhat less
frequently.

David Fifield

My understanding is that TUF is currently set up so that you only have to 
download the changed files. What happens is that you connect to a mirror, 
authenticate for time etc., and then once you are satisfied with the mirror 
you check hashes? (I'm not completely sure what it uses) and then it will 
pull all of the newer files that are different and do authentication etc...

So while it's not as efficient as it could be it shouldn't be ridiculous
except for when the entire world tries to update at once.

Setting up TUF to use torrents opens up a giant mess of authentication
issues. You could probably rig something up with DHT similar to apt-p2p
but it is more of a nice add-on for afterwards.

-Colin


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
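
Added example (not part of the original message, and not TUF's own code or metadata format): a simplified Python sketch of the flow described in the message above, which checks that the file list is still fresh, compares local hashes against it, fetches only the whole files that differ, and verifies each download before storing it. The metadata layout, function names and sample files are assumptions, and the metadata is assumed to have been signature-verified already.

```python
import hashlib
from datetime import datetime, timezone

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_freshness(metadata, now):
    """Reject expired metadata so a mirror cannot replay a stale file list."""
    if now >= datetime.fromisoformat(metadata["expires"]):
        raise ValueError("metadata expired; refusing to update from it")

def changed_targets(metadata, local_files):
    """Names whose local copy is missing or differs from the trusted hash."""
    return [name for name, info in sorted(metadata["targets"].items())
            if name not in local_files
            or sha256_hex(local_files[name]) != info["sha256"]]

def verify_download(metadata, name, data):
    """Accept downloaded bytes only if length and hash match the metadata."""
    info = metadata["targets"][name]
    if len(data) != info["length"]:
        raise ValueError(f"{name}: unexpected length")
    if sha256_hex(data) != info["sha256"]:
        raise ValueError(f"{name}: hash mismatch")
    return data

def update(metadata, local_files, fetch, now):
    """Fetch whole files, but only those that changed; verify before storing."""
    check_freshness(metadata, now)
    for name in changed_targets(metadata, local_files):
        local_files[name] = verify_download(metadata, name, fetch(name))
    return local_files

# Constructed sample data (hypothetical file names and contents).
MIRROR = {"scripts/a.nse": b"new script body", "data/services": b"unchanged"}
METADATA = {
    "expires": "2011-06-01T00:00:00+00:00",
    "targets": {n: {"length": len(d), "sha256": sha256_hex(d)}
                for n, d in MIRROR.items()},
}
LOCAL = {"scripts/a.nse": b"old script body", "data/services": b"unchanged"}

if __name__ == "__main__":
    now = datetime(2011, 5, 19, tzinfo=timezone.utc)
    print(changed_targets(METADATA, LOCAL))   # files that need downloading
    update(METADATA, LOCAL, MIRROR.__getitem__, now)
    print(changed_targets(METADATA, LOCAL))   # nothing left to fetch
```
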

