11.12.2017 3:52, Franco Fichtner wrote: >> On 10. Dec 2017, at 9:45 PM, Eugene Grosbein <eu...@grosbein.net> wrote: >> >> 11.12.2017 3:37, Yuri wrote: >> >>> On 12/10/17 11:37, Eugene Grosbein wrote: >>>> Hmm, you should not pass your traffic through the network operated >>>> by lots of malicious operators in first place. No matter encrypted or not. >>>> There are plenty of alternative ways. >>> >>> >>> Modern encryption protocols allow you to send traffic over insecure >>> networks and still maintain your security and privacy, so why not? >> >> No, they don't. You get into MITM and then you have a choice: ignore and run >> your connection anyway >> or have no connectivity at all (using this channel). Both are bad, so don't >> use such a channel from the beginning. > > You deconstructed the point you tried to make: > > With HTTP MITM you don't have a choice. ;)
Whith HTTP going through another route you could have no MITM because a) MITM is illegal for network provider and/or b) nobody on this route cares of this HTTP connection (opposed to TOR operator). Let's get it to real threat model instead of fictional one? _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
