HTTPS on freebsd.org, git, reproducible builds
Mark Felder
feld at FreeBSD.org
Fri Sep 18 13:46:31 UTC 2015
On Fri, Sep 18, 2015, at 07:47, Quartz wrote:
> > Is there a reason to encrypt something that is completely public?
>
> MitM attacks. SSL would go a long way towards ensuring that when you go
> to a website you're seeing the real website and not something that
> silently redirects you to compromised files or targeted misinformation.
>
This is a common misconception. How do you programmatically prove you're
not victim of an SSL MITM? You have to trust your installed CA Roots and
any of those could have issued a FreeBSD.org certificate. DNSSEC
helps[1] prove you're reaching the right IP, but they could be doing a
transparent MITM or BGP hijacking. Additionally, there is no desktop
browser natively supporting DANE yet, and you probably will never find
it in text browsers like lynx.
The key distinction is that SSL provides encryption, not identification.
Proving identification is much more difficult.
Remember, if they can MITM your HTTP, they can MITM your HTTPS. The
difficulty is only slightly higher; it's certainly within the reach of
organized blackhat groups and easily achieved by state actors.
[1] As long as you can trust that the DNSSEC root isn't compromised by
the state...
--
Mark Felder
ports-secteam member
feld at FreeBSD.org
More information about the freebsd-questions
mailing list