Date: Fri, 18 Sep 2015 08:46:29 -0500
From: Mark Felder <feld@FreeBSD.org>
To: Quartz <quartz@sneakertech.com>, freebsd-questions@freebsd.org
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
Message-ID: <1442583989.1830421.387287001.4BC94C0A@webmail.messagingengine.com>
In-Reply-To: <55FC07F2.1060100@sneakertech.com>
References: <CAD2Ti2_YNkNi2b=PzFCwu3PVaP8hOzADys3=-k0AqvsDRhJpzA@mail.gmail.com> <alpine.LRH.2.11.1509180646470.14490@nber4.nber.org> <55FC07F2.1060100@sneakertech.com>

On Fri, Sep 18, 2015, at 07:47, Quartz wrote:
> > Is there a reason to encrypt something that is completely public?
>
> MitM attacks. SSL would go a long way towards ensuring that when you go
> to a website you're seeing the real website and not something that
> silently redirects you to compromised files or targeted misinformation.
>

This is a common misconception. How do you programmatically prove you're
not a victim of an SSL MITM? You have to trust your installed CA Roots and
any of those could have issued a FreeBSD.org certificate. DNSSEC
helps[1] prove you're reaching the right IP, but they could be doing a
transparent MITM or BGP hijacking. Additionally, there is no desktop
browser natively supporting DANE yet, and you probably will never find
it in text browsers like lynx.

The key distinction is that SSL provides encryption, not identification.
Proving identification is much more difficult.

Remember, if they can MITM your HTTP, they can MITM your HTTPS. The
difficulty is only slightly higher; it's certainly within the reach of
organized blackhat groups and easily achieved by state actors.

[1] As long as you can trust that the DNSSEC root isn't compromised by
the state...

-- 
Mark Felder
ports-secteam member
feld@FreeBSD.org
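
The point made in the message above, that a certificate for a name is accepted when any installed CA root issued it, is the gap certificate pinning narrows. The following is an added example, not part of the original e-mail or any FreeBSD project code: it performs the normal CA-validated handshake and then also requires the leaf certificate's SHA-256 fingerprint to match a value recorded out of band. The function names and the sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def cert_pin(der: bytes) -> str:
    """SHA-256 fingerprint (lowercase hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def pin_matches(der: bytes, pins: set[str]) -> bool:
    """True only if the certificate's fingerprint is one recorded out of band."""
    seen = cert_pin(der)
    # Accept pins written as "AB:CD:..." or "abcd..."; compare in constant time.
    return any(hmac.compare_digest(seen, p.lower().replace(":", "")) for p in pins)


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Do a normally validated TLS handshake and return the server's leaf certificate."""
    ctx = ssl.create_default_context()  # trusts every root in the system store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_pinned(host: str, pins: set[str], port: int = 443) -> bool:
    """CA validation accepts any trusted issuer; the pin narrows that to known certificates."""
    return pin_matches(fetch_leaf_der(host, port), pins)


if __name__ == "__main__":
    # Constructed stand-ins for DER bytes, so the comparison runs offline.
    expected = b"constructed-der-bytes-of-the-expected-certificate"
    substituted = b"constructed-der-bytes-issued-by-another-trusted-ca"
    pins = {cert_pin(expected)}
    print("expected certificate accepted:", pin_matches(expected, pins))
    print("substituted certificate accepted:", pin_matches(substituted, pins))
```

A pin is only as trustworthy as the channel it was obtained over, and a leaf-certificate pin has to be updated whenever the server's certificate is renewed.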