Date: Fri, 8 Dec 2017 16:25:39 +0800 From: TJ Varghese <tj@tjvarghese.com> To: Poul-Henning Kamp <phk@phk.freebsd.dk>, =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgr?= =?UTF-8?Q?av?= <des@des.no> Cc: freebsd-security@freebsd.org, Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>, Gordon Tetlow <gordon@tetlows.org> Subject: Re: http subversion URLs should be discontinued in favor of https URLs Message-ID: <2a8d9a0a-7a64-2dde-4e53-77ee52632846@tjvarghese.com> In-Reply-To: <1291.1512658230@critter.freebsd.dk> References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <24153.1512513836@critter.freebsd.dk> <1C30FE91-753A-47A4-9B33-481184F853E1@tetlows.org> <867etyzlad.fsf@desk.des.no> <1291.1512658230@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/07/2017 10:50 PM, Poul-Henning Kamp wrote: > >> You can't have the latter without the former. Assertion of identity is >> the only protection against MITM eavesdropping or tampering. > Or more generally: > > If you dont/cant trust the other end, why would you trust them to > keep the communication secret ? > I'm curious as to your take on electronic banking. Should they all merely use HTTP since HTTPS is hopelessly compromised by design? If your objection is that HTTPS bring nothing to the security table, then it really doesn't make a difference where it's used and we should all just stop using it, no?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2a8d9a0a-7a64-2dde-4e53-77ee52632846>