Yuri
2017-Dec-05 21:13 UTC
http subversion URLs should be discontinued in favor of https URLs
On 12/05/17 13:04, Eugene Grosbein wrote:
> It is illusion that https is more secure than unencrypted http in a sense of MITM
> just because of encryption, it is not.

It *is* more secure. In order to break it, you have to have compromised https authorities. Some state actors have plausibly done this. http, on the contrary, can be altered by anybody who has access to the wire, which is generally a much wider set.

Yuri
Dewayne Geraghty
2017-Dec-05 21:55 UTC
http subversion URLs should be discontinued in favor of https URLs
On 6/12/2017 8:13 AM, Yuri wrote:
> On 12/05/17 13:04, Eugene Grosbein wrote:
>> It is illusion that https is more secure than unencrypted http in a
>> sense of MITM
>> just because of encryption, it is not.
>
> It *is* more secure. In order to break it, you have to have
> compromised https authorities. Some state actors have plausibly done
> this. http, on the contrary, can be altered by anybody who has access
> to the wire, which is generally a much wider set.
>
> Yuri

Yuri,

It can be illusory. My last job was as Sec Mgr for a large bank. They disabled cert checking on client devices, placed a wildcard cert at the internet boundary and captured all https unencrypted. An alternative approach to advocate is dnssec. :) You also need to ensure integrity, to ensure that the numbers are flipped in transit... ;)
Slawa Olhovchenkov
2017-Dec-06 14:00 UTC
http subversion URLs should be discontinued in favor of https URLs
On Tue, Dec 05, 2017 at 01:13:25PM -0800, Yuri wrote:
> On 12/05/17 13:04, Eugene Grosbein wrote:
> > It is illusion that https is more secure than unencrypted http in a sense of MITM
> > just because of encryption, it is not.
>
> It *is* more secure.

https doesn't work more frequently than http and this is not secure.