From owner-freebsd-security@freebsd.org Tue Dec 5 23:18:26 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 056D9E865FC for ; Tue, 5 Dec 2017 23:18:26 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C593477C79 for ; Tue, 5 Dec 2017 23:18:25 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: by mail-pf0-x22d.google.com with SMTP id c204so1313071pfc.13 for ; Tue, 05 Dec 2017 15:18:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tetlows.org; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=hUDDJ+NBG5OXkBgZQGNZlNEJAmq+dnMvrP+KX5viRA4=; b=ct/c3iH1BeBP+wLcqW2xkpDHWUCbWDhjkjtb7WFtLOYoas4KHzVscpzAQtu8nzxb0L eu+sqw+TGBNAxGKwH7rTgXN1yDPYimdfny9zV998QSa6mXwa7moFyd+uqyxR7+X+11X3 aX5E1fPGV0JD8GyB5B1+5KQtZH9smF4quqP6k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=hUDDJ+NBG5OXkBgZQGNZlNEJAmq+dnMvrP+KX5viRA4=; b=D4wpho5/1CDuC2BojZAlD8HnYsrprP2hYc+FOHQL9MKYi1TXg5Y7qZx9vJXSzWkLZz lsD15HJPzM8iE+KyUM+916A/MnLNSlrh3Zi3H8YFc0w2ybwbBw9QZ7LMY7GtDfj3+1ep KAzSzZMQv2aQky2ULSDZZ2Z4ntU27EP/s8nP0t7jS1swpi+LPUhfHGfnp96kkdeEsMx3 +6iZ8TBRYuDweQcVb73esI2mgfTZMZI/2VBSXeyZQ7wDmhO2awyob7rKGx5lSybr5mKe ynVZVqp0yAy00wfivz53CK3BOrTQuXrsHxAu7os2hvwvrxu2PWsyiXEvZ2lHiDXiQ2/G 5n4g== X-Gm-Message-State: AJaThX54a3MtZAroaAw8E2zc2VnWXY1iAaPXqFmqkQ57a8McKJLI1cUE hbheoeNyoOS1oAW4bjPF845yoCkKth+1 X-Google-Smtp-Source: AGs4zMYTVQUWFtXkAXvswuuKWtoDM68XxqhOx+xAXdpoGG2BKOd5xCYFBz7X/jroaxCBaoDHgEg6cg== X-Received: by 10.99.103.70 with SMTP id b67mr19272944pgc.211.1512515904964; Tue, 05 Dec 2017 15:18:24 -0800 (PST) Received: from ?IPv6:2600:380:4b61:3528:68c4:bb77:78eb:79ff? ([2600:380:4b61:3528:68c4:bb77:78eb:79ff]) by smtp.gmail.com with ESMTPSA id d2sm1552216pfe.164.2017.12.05.15.18.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Dec 2017 15:18:24 -0800 (PST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: http subversion URLs should be discontinued in favor of https URLs From: Gordon Tetlow X-Mailer: iPhone Mail (15B202) In-Reply-To: <24153.1512513836@critter.freebsd.dk> Date: Tue, 5 Dec 2017 15:18:21 -0800 Cc: Dewayne Geraghty , freebsd-security@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <1C30FE91-753A-47A4-9B33-481184F853E1@tetlows.org> References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <24153.1512513836@critter.freebsd.dk> To: Poul-Henning Kamp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Dec 2017 23:18:26 -0000 > On Dec 5, 2017, at 14:43, Poul-Henning Kamp wrote: >=20 > -------- > In message <20171205220849.GH9701@gmail.com>, Gordon Tetlow writes: >=20 >> Using this as a reason to not move to HTTPS is a fallacy. We should do >> everything we can to help our end-users get FreeBSD in the most secure >> way. >=20 > The vastly oversold "security" of HTTPS is entirely borrowed from > a confederation of root-CA's which no non-deluded person can ever > seriously trust. Assertion of identity and encryption in transit are separate issues. I do ag= ree that identity is fundamentally broken with the existing CA system. I=E2=80= =99m more interested in preventing tampering of data in transit. HTTPS is an= easy way to do that. Gordon=