Date: Tue, 12 Dec 2017 16:13:48 -0800 From: Yuri <yuri@rawbw.com> To: Eugene Grosbein <eugen@grosbein.net>, Igor Mozolevsky <mozolevsky@gmail.com> Cc: freebsd security <freebsd-security@freebsd.org>, RW <rwmaillists@googlemail.com> Subject: Re: http subversion URLs should be discontinued in favor of https URLs Message-ID: <6c9d028c-ac1c-3fc6-8ea2-7ee22c7ffbe8@rawbw.com> In-Reply-To: <5A303453.9050705@grosbein.net> References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <20171205231845.5028d01d@gumby.homeunix.com> <CADWvR2gVn8H5h6LYB5ddwUHYwDtiLCuYndsXhJywi7Q9vNsYvw@mail.gmail.com> <20171210173222.GF5901@funkthat.com> <CADWvR2iGQOtcU=FnU-fNsso2eLCCQn=swnOLoqws%2B33V8VzX1Q@mail.gmail.com> <5c810101-9092-7665-d623-275c15d4612b@rawbw.com> <CADWvR2j_LLEPKnSynRRmP4LG3mypdkNitwg%2B7vSh=iuJ=JU09Q@mail.gmail.com> <fd888f6b-bf16-f029-06d3-9a9b754dc676@rawbw.com> <CADWvR2jnxVwXmTA9XpZhGYnCAhFVifqqx2MvYeSeHmYEybaNnA@mail.gmail.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com> <5A2D8CDF.80903@grosbein.net> <f374ad86-f69c-115d-60f0-5251fba4b6d6@rawbw.com> <5A2D9CEF.9020404@grosbein.net> <0df2f769-3700-0cfd-591e-d8b8906cf4e7@rawbw.com> <5A303453.9050705@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/12/17 11:56, Eugene Grosbein wrote: > https://wiki.squid-cache.org/Features/SslPeekAndSplice > > You either ignore MITM and proceed with connection anyway or have no connectivity via this channel at all. When the user sees that SSL/TLS is stripped, this isn't a vulnerability of the protocol. User can make a choice to use such connection anyway. There are command line options like this for some commands, and the choice in the browser. Compare this with https using compromised by government CA, when the user doesn't have any way of knowing about MITM. So https+private CA stands secure. Yuri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6c9d028c-ac1c-3fc6-8ea2-7ee22c7ffbe8>