Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 11 Dec 2017 02:37:03 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Yuri <yuri@rawbw.com>, Igor Mozolevsky <mozolevsky@gmail.com>
Cc:        freebsd security <freebsd-security@freebsd.org>, RW <rwmaillists@googlemail.com>
Subject:   Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID:  <5A2D8CDF.80903@grosbein.net>
In-Reply-To: <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com>
References:  <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <20171205231845.5028d01d@gumby.homeunix.com> <CADWvR2gVn8H5h6LYB5ddwUHYwDtiLCuYndsXhJywi7Q9vNsYvw@mail.gmail.com> <20171210173222.GF5901@funkthat.com> <CADWvR2iGQOtcU=FnU-fNsso2eLCCQn=swnOLoqws%2B33V8VzX1Q@mail.gmail.com> <5c810101-9092-7665-d623-275c15d4612b@rawbw.com> <CADWvR2j_LLEPKnSynRRmP4LG3mypdkNitwg%2B7vSh=iuJ=JU09Q@mail.gmail.com> <fd888f6b-bf16-f029-06d3-9a9b754dc676@rawbw.com> <CADWvR2jnxVwXmTA9XpZhGYnCAhFVifqqx2MvYeSeHmYEybaNnA@mail.gmail.com> <19bd6d57-4fa6-24d4-6262-37e1487d7ed6@rawbw.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
11.12.2017 2:23, Yuri wrote:

> On 12/10/17 10:15, Igor Mozolevsky wrote:
>> They are not "hypothetical characters," they are invented characters that
>> are used in a threat model. But that's reframing the problem- a
>> hypothetical threat model is very different to a real threat model.
> 
> 
> This is a very real threat model. There are a lot of malicious Tor exit node operators,
> and a lot of FreeBSD users update their system over subversion. The
> only thing that the Tor node operator needs to do is to detect relevant requests and serve malware.

Hmm, you should not pass your traffic through the network operated
by lots of malicious operators in first place. No matter encrypted or not.
There are plenty of alternative ways.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5A2D8CDF.80903>