http subversion URLs should be discontinued in favor of https URLs
Yuri
yuri at rawbw.com
Wed Dec 6 00:00:14 UTC 2017
On 12/05/17 15:30, Poul-Henning Kamp wrote:
> The CA conglomerate is broken, trojaned and backdoored, and documented
> as such, and therefore HTTPs is a potempkin shell of security.
>
> Until HTTPS has something more trustworthy than the CA conglomerate
> to distribute keys, it is no safer in any respect than plain HTTP.
You are wrong. https with all its problems is still safer. If I am
browsing through Tor, any exit node operator can easily perform a MITM
attack in case of http, which they generally can't do in case of https.
In case of https he needs to be a state actor privy to the CA compromise.
Yuri
More information about the freebsd-security
mailing list