Date:      Mon, 11 Dec 2017 03:59:29 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Franco Fichtner <franco@lastsummer.de>
Cc:        Yuri <yuri@rawbw.com>, Igor Mozolevsky <mozolevsky@gmail.com>, freebsd security <freebsd-security@freebsd.org>, RW <rwmaillists@googlemail.com>
Subject:   Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID:  <5A2DA031.2020009@grosbein.net>
In-Reply-To: <3C567C04-1B10-4F8F-B503-55AE5F5D53D7@lastsummer.de>
References:  <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <20171205231845.5028d01d@gumby.homeunix.com> <CADWvR2gVn8H5h6LYB5ddwUHYwDtiLCuYndsXhJywi7Q9vNsYvw@mail.gmail.com> <20171210173222.GF5901@funkthat.com> <CADWvR2iGQOtcU=FnU-fNsso2eLCCQn=swnOLoqws%2B33V8VzX1Q@mail.gmail.com> <5c810101-9092-7665-d623-275c15d4612b@rawbw.com> <CADWvR2j_LLEPKnSynRRmP4LG3mypdkNitwg%2B7vSh=iuJ=JU09Q@mail.gmail.com> <fd888f6b-bf16-f029-06d3-9a9b754dc676@rawbw.com> <CADWvR2jnxVwXmTA9XpZhGYnCAhFVifqqx2MvYeSeHmYEybaNnA@mail.gmail.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com> <5A2D8CDF.80903@grosbein.net> <f374ad86-f69c-115d-60f0-5251fba4b6d6@rawbw.com> <5A2D9CEF.9020404@grosbein.net> <3C567C04-1B10-4F8F-B503-55AE5F5D53D7@lastsummer.de>

11.12.2017 3:52, Franco Fichtner wrote:

>> On 10. Dec 2017, at 9:45 PM, Eugene Grosbein <eugen@grosbein.net> wrote:
>>
>> 11.12.2017 3:37, Yuri wrote:
>>
>>> On 12/10/17 11:37, Eugene Grosbein wrote:
>>>> Hmm, you should not pass your traffic through the network operated
>>>> by lots of malicious operators in the first place. No matter encrypted or not.
>>>> There are plenty of alternative ways.
>>>
>>>
>>> Modern encryption protocols allow you to send traffic over insecure networks and still maintain your security and privacy, so why not?
>>
>> No, they don't. You get into MITM and then you have a choice: ignore and run your connection anyway
>> or have no connectivity at all (using this channel). Both are bad, so don't use such a channel from the beginning.
> 
> You deconstructed the point you tried to make:
> 
> With HTTP MITM you don't have a choice.  ;)

With HTTP going through another route you could have no MITM
because a) MITM is illegal for the network provider and/or
b) nobody on this route cares about this HTTP connection (as opposed to a TOR operator).

Let's get to a real threat model instead of a fictional one?



