On 2/26/2019 8:45 AM, Joseph Reeves wrote:
I can't see the security risk you're trying to protect against. We are looking at applications that use OSM data and will refer users to third party websites; what is the risk of a malicious user MiTM'ing a http request to a restaurant website (for example) and sending me to location other than the https version of the site? What web clients are you expecting this applies to?
MITM attacks are not restricted to country operators at borders - think Firesheep and any number of similar attacks. The damage from such attacks depend on the site being visited, perhaps minimal if checking a restaurant menu, much more serious if the site requires a login.
General browsing security has to begin somewhere, and this edit is just a step in that direction. All web clients benefit from this move, except perhaps stripped down clients that do not support TLS, in which case they must solve their issues in other ways to operate in a modern Internet.
_______________________________________________ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
