http subversion URLs should be discontinued in favor of https URLs
Poul-Henning Kamp
phk at phk.freebsd.dk
Thu Dec 7 14:50:35 UTC 2017
--------
In message <867etyzlad.fsf at desk.des.no>, =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= w
rites:
>Gordon Tetlow <gordon at tetlows.org> writes:
>> Assertion of identity and encryption in transit are separate issues. [...]
>
>You can't have the latter without the former. Assertion of identity is
>the only protection against MITM eavesdropping or tampering.
Or more generally:
If you dont/cant trust the other end, why would you trust them to
keep the communication secret ?
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list