From owner-freebsd-security@freebsd.org  Fri Sep 18 14:05:42 2015
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 486139CECA0;
 Fri, 18 Sep 2015 14:05:42 +0000 (UTC) (envelope-from des@des.no)
Received: from smtp.des.no (smtp.des.no [194.63.250.102])
 by mx1.freebsd.org (Postfix) with ESMTP id 0E81C17E6;
 Fri, 18 Sep 2015 14:05:41 +0000 (UTC) (envelope-from des@des.no)
Received: from nine.des.no (smtp.des.no [194.63.250.102])
 by smtp.des.no (Postfix) with ESMTP id D5A91859B;
 Fri, 18 Sep 2015 14:05:39 +0000 (UTC)
Received: by nine.des.no (Postfix, from userid 1001)
 id A71E78311; Fri, 18 Sep 2015 16:05:39 +0200 (CEST)
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: Mark Felder <feld@FreeBSD.org>
Cc: Daniel Feenberg <feenberg@nber.org>, freebsd-security@freebsd.org,
 grarpamp <grarpamp@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
References: <CAD2Ti2_YNkNi2b=PzFCwu3PVaP8hOzADys3=-k0AqvsDRhJpzA@mail.gmail.com>
 <alpine.LRH.2.11.1509180646470.14490@nber4.nber.org>
 <86r3lvdeah.fsf@nine.des.no>
 <1442584818.1834563.387314497.1AD169D2@webmail.messagingengine.com>
Date: Fri, 18 Sep 2015 16:05:39 +0200
In-Reply-To: <1442584818.1834563.387314497.1AD169D2@webmail.messagingengine.com>
 (Mark Felder's message of "Fri, 18 Sep 2015 09:00:18 -0500")
Message-ID: <86k2rnddqk.fsf@nine.des.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2015 14:05:42 -0000

Mark Felder <feld@FreeBSD.org> writes:
> Dag-Erling Sm=C3=B8rgrav <des@des.no> writes:
> > Daniel Feenberg <feenberg@nber.org> writes:
> > > Is there a reason to encrypt something that is completely public?
> > Watering hole attacks.
> Watering hole attack describes the *site* being compromised because it's
> popular and you know the target(s) will go there. HTTPS is irrelevant.

...or a MITM attack on a site that is popular with your target
demographic.

Then again, if you have the means to mount a MITM attack you probably
have the means to get a valid certificate.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no