Subject: Re: Forums.FreeBSD.org - SSL Issue?
From: patpro@patpro.net
Date: Mon, 18 May 2015 09:43:24 +0200
To: Ian Smith
Cc: Mark Felder, freebsd-security@freebsd.org

On 18 May 2015, at 09:05, Ian Smith wrote:

>>
>> Actually, that might be the reason -- Google search results. Perhaps
>> Google is also logging what protocols/ciphers your HTTPS has and is
>> using that in search rankings.
>
> You're seriously suggesting that the FreeBSD project should set security
> policies to favour higher rankings from an advertising company?

There's a bigger picture. Google is promoting strong security. Using web sites' HTTPS details (proto, ciphers, certificate trustworthiness...) as a ranking parameter is an incentive for admins to switch to better protocols and stronger cipher suites (& more expensive certificates).

Their next step, currently ongoing in fact, is to limit or even remove browser confidence in older protocols/ciphers, so that users would be deterred from visiting those web sites. Domain Validated certificates are probably a target to be shot dead in a few years too.

As an admin I find it to be a pain in the *** to constantly have to deal with the latest Google "vision", but as a user I think they are right because that's the way to go for promoting strong crypto.

regards,
patpro