On 12/05/17 12:59, Yuri wrote:
I suggested this PR, but it got rejected:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224097
http is insecure in its nature, and is an easy target for MITM. This
is why https should be preferred. http needs to be discontinued and
shut down because as long as it exists somebody will keep using it and
will be in danger.
Few years ago Wikimedia Foundation switched to https and discontinued
http entirely:
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https
I think this makes a lot of sense, and FreeBSD should do the same.
It's understood that a lot of arguments can be made for and against
this, like with any other issue, but security argument should outweigh
most or all other arguments.
Let's forget about all the abstract arguments and considerations, and
consider this concrete scenario:
Let's assume there is the malicious hacker who runs the malicious Tor
exit node. In his attempt to spread malware, he watches all outbound
http traffic for subversion requests to the domain FreeBSD.org. Once he
detects such request, he serves the maliciously patched versions of
popular ports and kernel in a hope that they will be rebuilt locally and
run. The unfortunate FreeBSD user who updated his source tree through
Tor got infected. This can't possibly happen if https protocol was in
use, because the hacker is just a private person and doesn't have access
to any CA authorities, and doesn't impersonate anybody.
Please justify the use of the http protocol in the face of this scenario.
Yuri
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
