From owner-freebsd-security@FreeBSD.ORG Mon May 18 08:21:31 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5C8AFE4B for ; Mon, 18 May 2015 08:21:31 +0000 (UTC) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 124241137 for ; Mon, 18 May 2015 08:21:31 +0000 (UTC) Received: from slw by zxy.spb.ru with local (Exim 4.84 (FreeBSD)) (envelope-from ) id 1YuGIT-000Gab-Dk; Mon, 18 May 2015 11:21:13 +0300 Date: Mon, 18 May 2015 11:21:13 +0300 From: Slawa Olhovchenkov To: patpro@patpro.net Cc: Ian Smith , freebsd-security@freebsd.org Subject: Re: Forums.FreeBSD.org - SSL Issue? Message-ID: <20150518082113.GG1394@zxy.spb.ru> References: <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com> <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net> <20150514193706.V69409@sola.nimnet.asn.au> <555476CB.2010005@ivpro.net> <1431608885.1875421.268665801.1220FE34@webmail.messagingengine.com> <5554C025.9090903@ivpro.net> <20150515173820.M69409@sola.nimnet.asn.au> <1431694294.3518862.269597633.213CD919@webmail.messagingengine.com> <20150516190047.R69409@sola.nimnet.asn.au> <7EA714EE-27E3-4433-96B8-A334C5A7BD30@patpro.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7EA714EE-27E3-4433-96B8-A334C5A7BD30@patpro.net> User-Agent: Mutt/1.5.23 (2014-03-12) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 May 2015 08:21:31 -0000 On Mon, May 18, 2015 at 09:43:24AM +0200, patpro@patpro.net wrote: > On 18 mai 2015, at 09:05, Ian Smith wrote: > > >> > >> Actually, that might be the reason -- Google search results. Perhaps > >> Google is also logging what protocols/ciphers your HTTPS has and is > >> using that in search rankings. > > > > You're seriously suggesting that the FreeBSD project should set security > > policies to favour higher rankings from an advertising company? > > > There's a bigger picture. Google is promoting strong security. Using web sites HTTPS details (proto, ciphers, certificate trustworthiness...) as ranking parameter is an incentive for admin to switch to better protocol and stronger cipher suits (& more expensive certificates). > Their next step, currently ongoing in fact, is to limit or even remove browser confidence in older protocol/ciphers, so that users would be deterred from visiting those web sites. Domain Validated certificates are probably a target to be shot dead in few years too. > > As an admin I find it to be a pain in the *** to constantly have to deal with latest Google "vision", but as a user I think they are right because that's the way to go for promoting strong crypto. As user I am don't need crypto, strong or weak.