Date: Mon, 11 Dec 2017 17:34:48 +0100 From: WhiteWinterWolf <freebsd.lists@whitewinterwolf.com> To: Christian Weisgerber <naddy@mips.inka.de>, freebsd-security@freebsd.org, karl@denninger.net Subject: Re: http subversion URLs should be discontinued in favor of https URLs Message-ID: <632cd44e-2072-8abf-ef3c-86701881e723@whitewinterwolf.com> In-Reply-To: <slrnp2t7rl.nqg.naddy@lorvorc.mips.inka.de> References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <24153.1512513836@critter.freebsd.dk> <1C30FE91-753A-47A4-9B33-481184F853E1@tetlows.org> <867etyzlad.fsf@desk.des.no> <1291.1512658230@critter.freebsd.dk> <2a8d9a0a-7a64-2dde-4e53-77ee52632846@tjvarghese.com> <CAC0r6X94N4Dv=droSC=B8ri-sH2eb9gJgdvpVqwPt0pSenXfog@mail.gmail.com> <slrnp2t7rl.nqg.naddy@lorvorc.mips.inka.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Le 11/12/2017 à 16:08, Christian Weisgerber a écrit : > Do users actually exist who have access to http but not to https? I don't know about users, but caching is not possible anymore as soon you use end-to-end HTTPS. This is a reason why I personally like software and system updates to be served through HTTP instead of HTTPS. You don't need to fetch the same update for each environment each time from the remote vendor's system, you just need them to be somehow signed by him to ensure their authenticity. This was just to give an example of why one would prefer to use HTTP over HTTPS, and how as highlighted by Karl Denninger a system which does too much may actually be harmful. When you need signature, then apply signature, don't add encryption, tunneling, dynamic cipher suites negotiation, session keys exchange and so on as overhead. Regards, Simon. -- WhiteWinterWolf https://www.whitewinterwolf.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?632cd44e-2072-8abf-ef3c-86701881e723>