HTTPS on freebsd.org, git, reproducible builds

John-Mark Gurney jmg at funkthat.com
Fri Sep 18 21:12:05 UTC 2015


Ben Bailess wrote this message on Fri, Sep 18, 2015 at 10:07 -0400:
> I have to echo this sentiment -- authentication is important, and so is
> integrity. HTTPS would provide both -- to be sure you're talking to the
> "real" FreeBSD and give you confidence that your page content has not been
> altered in transit by a network adversary (e.g. if you are using Tor)*.
> 
> *I honestly don't see that being a realistic defense against NSA/GCHQ-level
> attackers, though... the coercive power they have over CAs would probably
> be the weak point there, in my opinion.

Then you get projects like certificate pinning and SSL Observatory that
helps ensure that the cert that is presented is also presented to others...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


More information about the freebsd-security mailing list