Date: Fri, 18 Sep 2015 10:06:07 -0400
From: Nathan Dorfman
To: Daniel Feenberg
Cc: grarpamp, freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
Message-ID: <20150918140555.GA14677@vane>

On Fri, Sep 18, 2015 at 07:45:29AM -0400, Daniel Feenberg wrote:
> Is there a reason to encrypt something that is completely public?
> Perhaps to allow the visitor to conceal the fact that they are
> interested in FreeBSD? That won't work, since the IP address of the
> server can't be encrypted. I feel like I am missing something.

There may be no reason to encrypt it, but there's plenty of reason to authenticate it.

That is, when you browse FreeBSD.org, you'd probably prefer to know that the content wasn't modified in transit to include a 0-day JavaScript exploit.

-nd.