Date: Wed, 6 Dec 2017 08:55:00 +1100
From: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
To: freebsd-security@freebsd.org
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID: <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au>
In-Reply-To: <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com>
References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com>
On 6/12/2017 8:13 AM, Yuri wrote:
> On 12/05/17 13:04, Eugene Grosbein wrote:
>> It is illusion that https is more secure than unencrypted http in a
>> sense of MITM just because of encryption, it is not.
>
> It *is* more secure. In order to break it, you have to have
> compromised https authorities. Some state actors have plausibly done
> this. http, on the contrary, can be altered by anybody who has access
> to the wire, which is generally a much wider set.
>
> Yuri

Yuri,

It can be illusory. My last job was as Sec Mgr for a large bank. They disabled cert checking on client devices, placed a wildcard cert at the internet boundary and captured all https unencrypted.

An alternative approach to advocate is dnssec. :)

You also need to ensure integrity, to ensure that the numbers are flipped in transit... ;)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8788fb0d-4ee9-968a-1e33-e3bd84ffb892>
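The bank scenario in Dewayne's reply (certificate checking switched off on the clients, a wildcard certificate at the boundary) is exactly the configuration a client-side audit should catch. The following is an added example, not code from this thread or from the FreeBSD project: it uses Python's standard `ssl` module to flag a context that no longer verifies the peer, and inspects a `getpeercert()`-style certificate dictionary for an unexpected issuer or a wildcard name. The certificate dictionaries, the issuer names and the hostnames are constructed samples.

```python
"""Audit a client TLS configuration for the weakening described in the thread:
verification turned off on the client, so a boundary proxy's wildcard
certificate is accepted silently.

Added illustration, not code from the FreeBSD thread. The certificate dicts
below are constructed samples in the shape returned by
ssl.SSLSocket.getpeercert().
"""
import ssl


def make_strict_context() -> ssl.SSLContext:
    """The corrected setting: verify the chain and the hostname (Python default)."""
    return ssl.create_default_context()


def make_weakened_context() -> ssl.SSLContext:
    """The pattern the thread describes on client devices, shown for contrast."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before verify_mode can drop
    ctx.verify_mode = ssl.CERT_NONE   # any certificate is now accepted
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return findings for a client context; an empty list means it verifies."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a cert for another name is accepted")
    return findings


def cert_names(peercert: dict) -> list[str]:
    """Collect DNS names from a getpeercert()-style dict (subject CN plus SANs)."""
    names = []
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    for kind, value in peercert.get("subjectAltName", ()):
        if kind == "DNS":
            names.append(value)
    return names


def audit_peer_cert(peercert: dict, expected_issuer_cn: str) -> list[str]:
    """Flag signs of an interception certificate: an issuer that is not the one
    expected for this service, or a wildcard name covering the whole zone."""
    findings = []
    issuer_cn = next(
        (v for rdn in peercert.get("issuer", ()) for k, v in rdn if k == "commonName"),
        None,
    )
    if issuer_cn != expected_issuer_cn:
        findings.append(f"issuer CN {issuer_cn!r} is not the expected {expected_issuer_cn!r}")
    wildcards = [n for n in cert_names(peercert) if n.startswith("*.")]
    if wildcards:
        findings.append(f"wildcard names present: {wildcards}")
    return findings


# Constructed sample: what a boundary proxy's certificate might look like.
INTERCEPT_CERT = {
    "subject": ((("commonName", "*.example.net"),),),
    "issuer": ((("commonName", "Corp Boundary Proxy CA (sample)"),),),
    "subjectAltName": (("DNS", "*.example.net"),),
}

# Constructed sample: a certificate issued for one host by the expected CA.
LEGIT_CERT = {
    "subject": ((("commonName", "svn.example.net"),),),
    "issuer": ((("commonName", "Example Public CA (sample)"),),),
    "subjectAltName": (("DNS", "svn.example.net"),),
}

if __name__ == "__main__":
    print("strict context:  ", audit_context(make_strict_context()))
    print("weakened context:", audit_context(make_weakened_context()))
    print("intercept cert:  ", audit_peer_cert(INTERCEPT_CERT, "Example Public CA (sample)"))
    print("legit cert:      ", audit_peer_cert(LEGIT_CERT, "Example Public CA (sample)"))
```

In a real deployment the dictionary passed to `audit_peer_cert` comes from `getpeercert()` on a socket wrapped with a verifying context, and the expected issuer CN is whatever your CA inventory says should sign that service; a finding from either function is the signal that the "https" on the wire is being terminated somewhere other than the server you think you are talking to.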