From owner-freebsd-security@freebsd.org Sun Dec 10 19:49:36 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 66769E9900F for ; Sun, 10 Dec 2017 19:49:36 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E89097F737 for ; Sun, 10 Dec 2017 19:49:35 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: by mail-wm0-x236.google.com with SMTP id i11so10639774wmf.4 for ; Sun, 10 Dec 2017 11:49:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=VXX15Z2lq1ZWnzb9vF1e/kcRg89Ho0rFb40Wma3eN9w=; b=FbtHU9iC4X2TYUR/rGtPbUmHH213CnWEhPGQLgGzrZAUJygZh1yGmVCOiqWdu5Iolh 7A2fPNEN5ajK11bkf6By27Ii8letrH3MvPt7a1+df7ecSA50WGEPkXnYewSRoDHj6RFQ hC/xTmxr5qsxAciV2vtC6o4T0lMEF6gT7oDWA+xClfqOatjHxRGpbISIlEeDv2hntN0b Bpq16r8/hxa2XdEhO+nTd518Q6QQeAA8ZbqHNNIDlbH+8Yaxv24wso+d4iFTlf4OFWYp wLeHXJgjBL5irenPYEK3h6XG3n7lxpLS9ziAXwSNwoXTton/y4kZkt8yzISY/dQiSf4P h/Tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=VXX15Z2lq1ZWnzb9vF1e/kcRg89Ho0rFb40Wma3eN9w=; b=PuYU+5y947NT3BdC0GEQdOiGcobUxpkb1zctRm9Zw6uI6b84KIeEopdfQFxRPLzp+c NieW8z5aTgXK9aw45in1WA//9gUVAc+janroroV1nKtzWnMfejwWuVfOsrmt/2G/6dRu yn6YwgbTQUt8Wzq2CmdsIwEJ0gh+Xl/Pq5u6CbdOR4PPUz8Df5xmGuUdYm2l16LQBGuM Ly7HxG7IrGwgvygxu/EY3/aCNjWKreFJXQyOHDG5q0Cg74sLlP+M5Rqotwcy21pmI9nC 6+S5eprNK+1tFy3+xaIfslE89e1ocvZDtmTfIo92qwgb7NRlgokB/X4Y62LoYszlYxES vBGw== X-Gm-Message-State: AKGB3mIlmzWxcKe0mka8yHsPDjOPGQ8M6dQJkCR1dR5ecW7EzR1g8AGF yNfunL3pkk2ZmUrwhMYi3EDWZT2f/bvs46uCkkE= X-Google-Smtp-Source: AGs4zMY1kPg88ocP6fbq2DiG3zK13bHhHaKnx5ZxwiEwf6bHr8TqqUPQxL53mjkuNTdbWApADv9MBLz84zy/mgInmSw= X-Received: by 10.28.105.14 with SMTP id e14mr8293167wmc.74.1512935374360; Sun, 10 Dec 2017 11:49:34 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.90.193 with HTTP; Sun, 10 Dec 2017 11:48:53 -0800 (PST) In-Reply-To: <20171210194234.GJ5901@funkthat.com> References: <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <20171205231845.5028d01d@gumby.homeunix.com> <20171210173222.GF5901@funkthat.com> <20171210190257.GH5901@funkthat.com> <20171210194234.GJ5901@funkthat.com> From: Igor Mozolevsky Date: Sun, 10 Dec 2017 19:48:53 +0000 Message-ID: Subject: Re: http subversion URLs should be discontinued in favor of https URLs To: Igor Mozolevsky , RW , freebsd security Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Dec 2017 19:49:36 -0000 On 10 December 2017 at 19:42, John-Mark Gurney wrote: > Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 19:17 +0000: > No, I'm saying it's not a realistic threat model! If the threat is the > > integrity of the source code in transit, then it'd be way cheaper and way > > more reasonable to implement a Merkle Tree-like verification with each > > revision. > > Then you should be fine w/ http for banking sites, since it's not realistic > that your ISP will MITM your connection to steal money from you, right? > I don't know of a single instance of an ISP MITM'ing banking transactions > to steal money. Entirely different threat model that has nothing to do with MITM but a lot to do with bank-website mimicry! If I connect to MoneyBags, Inc, I want to be sure that everything I send is received at MoneyBags, Inc, and not someone pretending to be MoneyBags, Inc. If I connect to svn.example.com, all I care about is that the Merkle Tree holds, not whether svn.example.com or svn.middleman.example.com provided it. -- Igor M.