Re: git: 9c59988175ff - main - bsdinstall: prefer HTTP

From: Harry Schmalzbauer <freebsd_at_omnilan.de>
Date: Mon, 22 Apr 2024 09:16:17 UTC
On 2024-02-15 15:55, Shawn Webb wrote:
...
>>> I'm curious to learn why you chose http:// rather than https://.
>> Because https:// only adds work.  And work is heat.
>>
>> bsdinstall uses the MANIFEST to confirm integrity.
>>
>> If your bsdinstall and MANIFEST are from a trustworthy source, anything
>> downloaded over http:// will be trustworthy.  Just as trustworthy, in fact,
>> as anything downloaded over ftp://.
> There is the problem of metadata leakage, which HTTPS helps to address
> (though not completely.)


The connection itself leaks the significant part, no matter if it's HTTP 
or HTTPS.
Anything else from the header, which is plain on HTTP vs. HTTPS, doesn't 
tell much more: A 500MB stream from ftp.freebsd.org let's anyone guess 
you're downloading a setup image.  Which one exactly isn't hurting 
privacy imho, nor which agent is in use etc...

I totally agree that general TLSing is a bad idea.
Another advantage of HTTP (plain) vs. HTTPS is that proxies can easily 
cache, saving load from the net and the servers alike.

(if intercepting beforehand anyways - which is 'standard' wherever I 
access the internet @work! - caching would work too of course, but in 
real world, the mitm-boxes rarely are proxies. Even small sized 
companies utilize F.ate/P.lto SSL-inspection feature - cheap and easy to 
turn on.  If TLSing madness wouldn't have caused encypted 
weather/newspaper/ads, maybe we wouldn't have precautionary 
man-in-the-middle boxes all over the places - which do inspect banking 
and everything else if not carefully extra ruled out)

Just my 2 ¢