From: "Poul-Henning Kamp"
To: Shawn Webb
cc: TJ Varghese, Dag-Erling Smørgrav, Dewayne Geraghty, Gordon Tetlow, freebsd-security@freebsd.org
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
Date: Fri, 08 Dec 2017 15:09:21 +0000
List-Id: "Security issues [members-only posting]"

--------
In message <20171208142616.u56ntsf4zx5ns2ey@mutt-hbsd>, Shawn Webb writes:

>It really is a sad state that governments feel they must subvert
>secure communications channels used by citizens. I agree with you
>there.

And it really is a sad state when rabid IT-liberalists don't see
any problem with females who dare to speak out against sexual abuse
being threatened via Tor, teenage girls, whose only crime is looking
good, being sent dick-picks by shitbags and organized crime being
above the law.

>What if FreeBSD generated its own CA for use with critical
>infrastructure, like the svn repo. The trusted CA certificate would be
>distributed via multiple means: in the src tree and on the website.
>It would get installed on user's systems.

*Then* I could see a point in using HTTPS, because then you would
have the FreeBSD Project telling you that you got to the right place
rather than Taiwanese or Turkish government telling you that you got
to what they think is the right place.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.