Why does FreeBSD insist on https?
Jon Radel
jon at radel.com
Thu Apr 2 21:16:54 UTC 2015
On 4/2/15 5:06 PM, Charles Swiger wrote:
> On Apr 2, 2015, at 1:26 PM, Dieter BSD <dieterbsd at gmail.com> wrote:
>> Why do so many FreeBSD URLs redirect from http to https?
>> What is this intended to accomplish?
> Security? Confidentiality? Strong(er) assurance of content integrity?
>
> There are an increasing # of transparent proxies which rewrite
> content, inject ads, even inject malware for HTTP which are foiled
> by switching to HTTPS + HSTS (HTTP Strict Transport Security).
>
>
And just imagine what fun could be had by modifying the checksums listed on
https://www.freebsd.org/releases/10.1R/announce.html
if you control the same routers all the ftp downloads of ISOs go through....
--Jon Radel
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3870 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20150402/c8166bd4/attachment.bin>
More information about the freebsd-questions
mailing list