Date:      Mon, 22 Apr 2024 11:16:17 +0200
From:      Harry Schmalzbauer <freebsd@omnilan.de>
To:        Shawn Webb <shawn.webb@hardenedbsd.org>, Philip Paeps <philip@freebsd.org>
Cc:        Ronald Klop <ronald-lists@klop.ws>, dev-commits-src-main@freebsd.org, dev-commits-src-all@freebsd.org
Subject:   Re: git: 9c59988175ff - main - bsdinstall: prefer HTTP
Message-ID:  <04ea81b1-c6a2-4dcd-921c-729fb5f5f944@omnilan.de>
In-Reply-To: <l4554bcbxule5u4s43qlc6mn7bgcqhaeqkpjrmro7l5txmpfcx@jvwcfmagk7jx>
References:  <901819076.6938.1708005969197@localhost> <7B54789B-90DD-4A85-8E2B-84E13DAE54B5@freebsd.org> <mn7f4ehfdeg6xwwxmwy44lj5zvhjl6cjucc4pbbqorlzxbgeup@qb7s4gerhpcr> <4A6EC239-4B9B-442C-ACFB-8F99A951630A@freebsd.org> <l4554bcbxule5u4s43qlc6mn7bgcqhaeqkpjrmro7l5txmpfcx@jvwcfmagk7jx>

On 2024-02-15 15:55, Shawn Webb wrote:
...
>>> I'm curious to learn why you chose http:// rather than https://.
>> Because https:// only adds work.  And work is heat.
>>
>> bsdinstall uses the MANIFEST to confirm integrity.
>>
>> If your bsdinstall and MANIFEST are from a trustworthy source, anything
>> downloaded over http:// will be trustworthy.  Just as trustworthy, in fact,
>> as anything downloaded over ftp://.
> There is the problem of metadata leakage, which HTTPS helps to address
> (though not completely.)


The connection itself leaks the significant part, no matter if it's HTTP 
or HTTPS.
Anything else from the header, which is plain on HTTP vs. HTTPS, doesn't 
tell much more: A 500MB stream from ftp.freebsd.org lets anyone guess 
you're downloading a setup image.  Which one exactly isn't hurting 
privacy imho, nor which agent is in use etc...

I totally agree that general TLSing is a bad idea.
Another advantage of HTTP (plain) vs. HTTPS is that proxies can easily 
cache, saving load from the net and the servers alike.

(if intercepting beforehand anyways - which is 'standard' wherever I 
access the internet @work! - caching would work too of course, but in 
real world, the mitm-boxes rarely are proxies. Even small sized 
companies utilize F.ate/P.lto SSL-inspection feature - cheap and easy to 
turn on.  If TLSing madness wouldn't have caused encrypted 
weather/newspaper/ads, maybe we wouldn't have precautionary 
man-in-the-middle boxes all over the places - which do inspect banking 
and everything else if not carefully extra ruled out)

Just my 2 ¢
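
The integrity argument quoted above (a MANIFEST from a trusted source makes the transport irrelevant for integrity), as an added example that is not part of the original e-mail and is not bsdinstall's own code. It assumes a tab-separated MANIFEST with the file name in the first field and the SHA-256 digest in the second; the sample sets and their digests are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_manifest(text):
    """Map distribution file name -> expected SHA-256 hex digest.
    Assumed layout: tab-separated, name in field 1, digest in field 2."""
    expected = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) >= 2 and len(fields[1]) == 64:
            expected[fields[0]] = fields[1].lower()
    return expected

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large sets are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_sets(manifest_text, directory):
    """Return {name: 'ok' | 'mismatch' | 'missing'} for every set the
    trusted MANIFEST lists; only 'ok' sets should ever be extracted."""
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif sha256_file(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results

def demo():
    """Constructed sample: tiny stand-in sets, one altered in transit."""
    base, kernel = b"constructed base set", b"constructed kernel set"
    manifest = "".join(
        f'{n}\t{hashlib.sha256(d).hexdigest()}\t1\t{n[:-4]}\t"sample"\ton\n'
        for n, d in (("base.txz", base), ("kernel.txz", kernel), ("lib32.txz", b"x"))
    )
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "base.txz").write_bytes(base)                 # fetched intact
        Path(tmp, "kernel.txz").write_bytes(kernel + b" tampered")  # modified on the wire
        return verify_sets(manifest, tmp)                       # lib32.txz never arrived

if __name__ == "__main__":
    print(demo())
```

The check covers integrity only; it says nothing about what an on-path observer can learn from the connection, which is the point the reply above discusses.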
