Date: Wed, 6 Dec 2017 06:17:18 -0800 From: Cy Schubert <Cy.Schubert@komquats.com> To: Steve Clement <steve@localhost.lu>, Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: RE: http subversion URLs should be discontinued in favor of https URLs Message-ID: <20171206141716.1ECC3110@spqr.komquats.com>
next in thread | raw e-mail | index | archive | help
No worries, telnet and ftp are in my sights. --- Sent using a tiny phone keyboard. Apologies for any typos and autocorrect. This old phone only supports top post. Apologies. Cy Schubert <Cy.Schubert@cschubert.com> or <cy@freebsd.org> The need of the many outweighs the greed of the few. --- -----Original Message----- From: Steve Clement Sent: 06/12/2017 03:29 To: Dewayne Geraghty Cc: freebsd-security@freebsd.org Subject: Re: http subversion URLs should be discontinued in favor of https = URLs * On Wed, Dec 06, 2017 at 08:55:00AM +1100, Dewayne Geraghty <dewayne.gerag= hty@heuristicsystems.com.au> wrote: > On 6/12/2017 8:13 AM, Yuri wrote: > > On 12/05/17 13:04, Eugene Grosbein wrote: > >> It is illusion that https is more secure than unencrypted http in a > >> sense of MITM > >> just because of encryption, it is not. > > > > Dear all, Is it really wise suggesting that http is not that bad? While you are at it, perhaps reviving telnet is a good idea. (Yes it is a bad comparison) If your answer is to just not use it, good luck for the past. > It can be illusory. =C2=A0 My last job was as Sec Mgr for a large bank.= =C2=A0 They > disabled cert checking on client devices, placed a wildcard cert at the > internet boundary and captured all https unencrypted.=C2=A0 An alternativ= e > approach to advocate is dnssec.=C2=A0 :) And you just let this happen under your watch? > You also need to ensure integrity, to ensure that the numbers are > flipped in transit...=C2=A0 ;) As a security person you do have responsibilities. Of course if you (as a security person) gave up on all that, you might as well go to the beach and use your CB to talk to your Dr. I cannot believe these attitudes, can perhaps other people weigh-in, especially to the issue at hand? Looking forward to the first person brining up performance issues, in end-of-2017=E2=80=A6 Sincerely yours, Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171206141716.1ECC3110>