Gordon Tetlow
2017-Dec-05 23:18 UTC
http subversion URLs should be discontinued in favor of https URLs
> On Dec 5, 2017, at 14:43, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
>
> --------
> In message <20171205220849.GH9701 at gmail.com>, Gordon Tetlow writes:
>
>> Using this as a reason to not move to HTTPS is a fallacy. We should do
>> everything we can to help our end-users get FreeBSD in the most secure
>> way.
>
> The vastly oversold "security" of HTTPS is entirely borrowed from
> a confederation of root-CA's which no non-deluded person can ever
> seriously trust.

Assertion of identity and encryption in transit are separate issues. I do agree that identity is fundamentally broken with the existing CA system. I'm more interested in preventing tampering of data in transit. HTTPS is an easy way to do that.

Gordon
Dag-Erling Smørgrav
2017-Dec-07 14:04 UTC
http subversion URLs should be discontinued in favor of https URLs
Gordon Tetlow <gordon at tetlows.org> writes:

> Assertion of identity and encryption in transit are separate issues. I
> do agree that identity is fundamentally broken with the existing CA
> system. I'm more interested in preventing tampering of data in
> transit. HTTPS is an easy way to do that.

You can't have the latter without the former. Assertion of identity is the only protection against MITM eavesdropping or tampering.

DES
-- 
Dag-Erling Smørgrav - des at des.no