From: Mel Pilgrim
Date: Fri, 03 Apr 2015 11:41:03 -0700
To: Dieter BSD, freebsd-questions@freebsd.org
Subject: Re: Why does FreeBSD insist on https?
Message-ID: <551EDEBF.5020409@bluerosetech.com>

On 2015-04-03 10:59, Dieter BSD wrote:
> From what I've read about that attack there are better ways to prevent it
> than using https. (I'll leave that as an exercise for the reader.)

No, please don't leave it as an exercise for us. That's what security
research has been doing for decades. So far the only viable solution is
encryption. If you have a better solution than encryption to the problem of
in-flight modification of data, I and the rest of human existence would like
to hear it.