http subversion URLs should be discontinued in favor of https URLs
Yuri
yuri at rawbw.com
Sun Dec 10 20:55:04 UTC 2017
On 12/10/17 12:45, Eugene Grosbein wrote:
> 11.12.2017 3:37, Yuri wrote:
>
>> On 12/10/17 11:37, Eugene Grosbein wrote:
>>> Hmm, you should not pass your traffic through the network operated
>>> by lots of malicious operators in first place. No matter encrypted or not.
>>> There are plenty of alternative ways.
>>
>> Modern encryption protocols allow you to send traffic over insecure networks and still maintain your security and privacy, so why not?
> No, they don't. You get into MITM and then you have a choice: ignore and run your connection anyway
> or have no connectivity at all (using this channel). Both are bad, so don't use such a channel from the beginning.
There's no MITMing with https unless you are a state actor. There are
very few state actors, they are special case.
Regular hackers can't MITM https, but can MITM http.
Yuri
More information about the freebsd-security
mailing list