From owner-freebsd-security@freebsd.org  Fri Sep 18 12:10:51 2015
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0610B9CE01C;
 Fri, 18 Sep 2015 12:10:51 +0000 (UTC)
 (envelope-from feenberg@nber.org)
Received: from mail2.nber.org (mail2.nber.org [198.71.6.79])
 by mx1.freebsd.org (Postfix) with ESMTP id 7565E110B;
 Fri, 18 Sep 2015 12:10:49 +0000 (UTC)
 (envelope-from feenberg@nber.org)
Received: from nber4.nber.org (nber4.nber.org [198.71.6.74])
 by mail2.nber.org (8.15.1/8.14.9) with ESMTPS id t8IBjTjD090576
 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Fri, 18 Sep 2015 07:45:30 -0400 (EDT)
 (envelope-from feenberg@nber.org)
Date: Fri, 18 Sep 2015 07:45:29 -0400 (EDT)
From: Daniel Feenberg <feenberg@nber.org>
To: grarpamp <grarpamp@gmail.com>
cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
In-Reply-To: <CAD2Ti2_YNkNi2b=PzFCwu3PVaP8hOzADys3=-k0AqvsDRhJpzA@mail.gmail.com>
Message-ID: <alpine.LRH.2.11.1509180646470.14490@nber4.nber.org>
References: <CAD2Ti2_YNkNi2b=PzFCwu3PVaP8hOzADys3=-k0AqvsDRhJpzA@mail.gmail.com>
User-Agent: Alpine 2.11 (LRH 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.39/RELEASE,
 bases: 20140401 #7726142, check: 20150918 clean
X-Mailman-Approved-At: Fri, 18 Sep 2015 12:44:19 +0000
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2015 12:10:51 -0000



On Thu, 17 Sep 2015, grarpamp wrote:

> Is there some reason "freebsd.org" and all it's
> subdomains don't immediately 302 over to
> https foreverafter?

Is there a reason to encrypt something that is completely public? Perhaps 
to allow the visitor to conceal the fact that they are interested in 
FreeBSD? That won't work, since the IP address of the server can't be 
encrypted. I feel like I am missing something.

dan feenberg