From: "Poul-Henning Kamp"
To: Yuri
Cc: Gordon Tetlow, freebsd-security@freebsd.org, Dewayne Geraghty
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
In-reply-to: <1294e5c4-9554-b9f5-8ea9-13aca5411e9a@rawbw.com>
Date: Tue, 05 Dec 2017 23:30:35 +0000
Message-ID: <24380.1512516635@critter.freebsd.dk>

--------
In message <1294e5c4-9554-b9f5-8ea9-13aca5411e9a@rawbw.com>, Yuri writes:
>On 12/05/17 14:43, Poul-Henning Kamp wrote:
>> The vastly oversold "security" of HTTPS is entirely borrowed from
>> a confederation of root-CA's which no non-deluded person can ever
>> seriously trust.
>
>
>Your argument goes like this [...]

Yuri,

You get to express your opinion, you do not also get to express mine.

The core problem of all encryption is key distribution.

HTTPS doesn't have that, it relies entirely on the CA system for it.

The CA conglomerate is broken, trojaned and backdoored, and documented
as such, and therefore HTTPS is a Potemkin shell of security.

Until HTTPS has something more trustworthy than the CA conglomerate
to distribute keys, it is no safer in any respect than plain HTTP.

And you are wasting everybody's time by trying to change FreeBSD's
*100% non-private* version control system to a protocol which offers
no privacy where no privacy is needed.

You should spend *your* time getting personally involved in your
own country's political system, which is where the relevant decisions,
bad or good, about our electronic privacy will be made.

Over and out...

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.