On 10 December 2017 at 19:42, John-Mark Gurney <j...@funkthat.com> wrote:
> Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 19:17 +0000: <snip> > No, I'm saying it's not a realistic threat model! If the threat is the > > integrity of the source code in transit, then it'd be way cheaper and way > > more reasonable to implement a Merkle Tree-like verification with each > > revision. > > Then you should be fine w/ http for banking sites, since it's not realistic > that your ISP will MITM your connection to steal money from you, right? > I don't know of a single instance of an ISP MITM'ing banking transactions > to steal money. Entirely different threat model that has nothing to do with MITM but a lot to do with bank-website mimicry! If I connect to MoneyBags, Inc, I want to be sure that everything I send is received at MoneyBags, Inc, and not someone pretending to be MoneyBags, Inc. If I connect to svn.example.com, all I care about is that the Merkle Tree holds, not whether svn.example.com or svn.middleman.example.com provided it. -- Igor M. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
