From: Shawn Webb
To: Christian Weisgerber
Cc: freebsd-security@freebsd.org
Date: Mon, 11 Dec 2017 10:16:14 -0500
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID: <20171211151614.76cm7s4zk6go4clo@mutt-hbsd>

On Mon, Dec 11, 2017 at 03:08:37PM -0000, Christian Weisgerber wrote:
> On 2017-12-08, Luke Crooks wrote:
>
> > The pull request was rejected for a valid reason, offering http allows
> > users with limited network access chance to clone or download freebsd where
> > https is not possible.
>
> Do users actually exist who have access to http but not to https?
> Or is this a myth? And how do these users access popular sites
> like Wikipedia, or www.FreeBSD.org for that matter?

In an effort to enforce encrypted comms, my network is the inverse:
TCP:80 is disallowed, but TCP:443 is accepted.

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE