freebsd security - Dec 2017 - http subversion URLs should be discontinued in favor of https URLs

I suggested this PR, but it got rejected: 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224097


http is insecure in its nature, and is an easy target for MITM. This is 
why https should be preferred. http needs to be discontinued and shut 
down because as long as it exists somebody will keep using it and will 
be in danger.


Few years ago Wikimedia Foundation switched to https and discontinued 
http entirely: 
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https 
I think this makes a lot of sense, and FreeBSD should do the same.


It's understood that a lot of arguments can be made for and against 
this, like with any other issue, but security argument should outweigh 
most or all other arguments.



Regards,

Yuri

06.12.2017 3:59, Yuri wrote:
> It's understood that a lot of arguments can be made for and against
this,
> like with any other issue, but security argument should outweigh most or
all other arguments.
It is illusion that https is more secure than unencrypted http in a sense of
MITM
just because of encryption, it is not.

On 12/05/2017 15:59, Yuri wrote:
> I suggested this PR, but it got rejected: 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224097
>
I would also prefer HTTPS over HTTP, but aren't signed commits what 
we're really looking for?

Are individual commits in SVN digitally signed? Git has this ability, 
but it appears SVN does not. We have https://github.com/freebsd/freebsd 
but I don't see any signed commits.

This might be a good reason to finally abandon SVN.

Yonas

On 12/05/17 12:59, Yuri wrote:
> I suggested this PR, but it got rejected: 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224097
>
>
> http is insecure in its nature, and is an easy target for MITM. This 
> is why https should be preferred. http needs to be discontinued and 
> shut down because as long as it exists somebody will keep using it and 
> will be in danger.
>
>
> Few years ago Wikimedia Foundation switched to https and discontinued 
> http entirely: 
> https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https 
> I think this makes a lot of sense, and FreeBSD should do the same.
>
>
> It's understood that a lot of arguments can be made for and against 
> this, like with any other issue, but security argument should outweigh 
> most or all other arguments.


Let's forget about all the abstract arguments and considerations, and 
consider this concrete scenario:

Let's assume there is the malicious hacker who runs the malicious Tor 
exit node. In his attempt to spread malware, he watches all outbound 
http traffic for subversion requests to the domain FreeBSD.org. Once he 
detects such request, he serves the maliciously patched versions of 
popular ports and kernel in a hope that they will be rebuilt locally and 
run. The unfortunate FreeBSD user who updated his source tree through 
Tor got infected. This can't possibly happen if https protocol was in 
use, because the hacker is just a private person and doesn't have access 
to any CA authorities, and doesn't impersonate anybody.

Please justify the use of the http protocol in the face of this scenario.


Yuri