Date: Tue, 5 Dec 2017 15:18:21 -0800 From: Gordon Tetlow <gordon@tetlows.org> To: Poul-Henning Kamp <phk@phk.freebsd.dk> Cc: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>, freebsd-security@freebsd.org Subject: Re: http subversion URLs should be discontinued in favor of https URLs Message-ID: <1C30FE91-753A-47A4-9B33-481184F853E1@tetlows.org> In-Reply-To: <24153.1512513836@critter.freebsd.dk> References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <24153.1512513836@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Dec 5, 2017, at 14:43, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > > -------- > In message <20171205220849.GH9701@gmail.com>, Gordon Tetlow writes: > >> Using this as a reason to not move to HTTPS is a fallacy. We should do >> everything we can to help our end-users get FreeBSD in the most secure >> way. > > The vastly oversold "security" of HTTPS is entirely borrowed from > a confederation of root-CA's which no non-deluded person can ever > seriously trust. Assertion of identity and encryption in transit are separate issues. I do agree that identity is fundamentally broken with the existing CA system. I’m more interested in preventing tampering of data in transit. HTTPS is an easy way to do that. Gordon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1C30FE91-753A-47A4-9B33-481184F853E1>