HTTPS on freebsd.org, git, reproducible builds
Dag-Erling Smørgrav
des at des.no
Fri Sep 18 14:05:42 UTC 2015
Mark Felder <feld at FreeBSD.org> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Daniel Feenberg <feenberg at nber.org> writes:
> > > Is there a reason to encrypt something that is completely public?
> > Watering hole attacks.
> Watering hole attack describes the *site* being compromised because it's
> popular and you know the target(s) will go there. HTTPS is irrelevant.
...or a MITM attack on a site that is popular with your target
demographic.
Then again, if you have the means to mount a MITM attack you probably
have the means to get a valid certificate.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list