Poul-Henning Kamp
2017-Dec-07 14:50 UTC
http subversion URLs should be discontinued in favor of https URLs
-------- In message <867etyzlad.fsf at desk.des.no>, =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= w rites:>Gordon Tetlow <gordon at tetlows.org> writes: >> Assertion of identity and encryption in transit are separate issues. [...] > >You can't have the latter without the former. Assertion of identity is >the only protection against MITM eavesdropping or tampering.Or more generally: If you dont/cant trust the other end, why would you trust them to keep the communication secret ? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
TJ Varghese
2017-Dec-08 08:25 UTC
http subversion URLs should be discontinued in favor of https URLs
On 12/07/2017 10:50 PM, Poul-Henning Kamp wrote:> >> You can't have the latter without the former. Assertion of identity is >> the only protection against MITM eavesdropping or tampering. > Or more generally: > > If you dont/cant trust the other end, why would you trust them to > keep the communication secret ? >I'm curious as to your take on electronic banking. Should they all merely use HTTP since HTTPS is hopelessly compromised by design? If your objection is that HTTPS bring nothing to the security table, then it really doesn't make a difference where it's used and we should all just stop using it, no?