Date:      Mon, 11 Dec 2017 04:03:01 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Yuri <yuri@rawbw.com>, Igor Mozolevsky <mozolevsky@gmail.com>
Cc:        freebsd security <freebsd-security@freebsd.org>, RW <rwmaillists@googlemail.com>
Subject:   Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID:  <5A2DA105.9030501@grosbein.net>
In-Reply-To: <2fde7b1e-7174-00d1-5fd0-65c385bdcdef@rawbw.com>
References:  <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <20171205231845.5028d01d@gumby.homeunix.com> <CADWvR2gVn8H5h6LYB5ddwUHYwDtiLCuYndsXhJywi7Q9vNsYvw@mail.gmail.com> <20171210173222.GF5901@funkthat.com> <CADWvR2iGQOtcU=FnU-fNsso2eLCCQn=swnOLoqws%2B33V8VzX1Q@mail.gmail.com> <5c810101-9092-7665-d623-275c15d4612b@rawbw.com> <CADWvR2j_LLEPKnSynRRmP4LG3mypdkNitwg%2B7vSh=iuJ=JU09Q@mail.gmail.com> <fd888f6b-bf16-f029-06d3-9a9b754dc676@rawbw.com> <CADWvR2jnxVwXmTA9XpZhGYnCAhFVifqqx2MvYeSeHmYEybaNnA@mail.gmail.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com> <5A2D8CDF.80903@grosbein.net> <f374ad86-f69c-115d-60f0-5251fba4b6d6@rawbw.com> <5A2D9CEF.9020404@grosbein.net> <2fde7b1e-7174-00d1-5fd0-65c385bdcdef@rawbw.com>

11.12.2017 3:54, Yuri wrote:

>>> Modern encryption protocols allow you to send traffic over insecure networks and still maintain your security and privacy, so why not?
>> No, they don't. You get into MITM and then you have a choice: ignore and run your connection anyway
>> or have no connectivity at all (using this channel). Both are bad, so don't use such a channel from the beginning.
> 
> There's no MITMing with https unless you are a state actor. There are very few state actors; they are a special case.
> Regular hackers can't MITM https, but can MITM http.

You either have no idea, or missed the point. In fact, anyone can do MITM (ssl bump) for https running through its system.
It is only a question of making it undetected and then you have a choice described in the quote above.




