Date: Fri, 18 Sep 2015 16:05:39 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Mark Felder <feld@FreeBSD.org> Cc: Daniel Feenberg <feenberg@nber.org>, freebsd-security@freebsd.org, grarpamp <grarpamp@gmail.com>, freebsd-questions@freebsd.org Subject: Re: HTTPS on freebsd.org, git, reproducible builds Message-ID: <86k2rnddqk.fsf@nine.des.no> In-Reply-To: <1442584818.1834563.387314497.1AD169D2@webmail.messagingengine.com> (Mark Felder's message of "Fri, 18 Sep 2015 09:00:18 -0500") References: <CAD2Ti2_YNkNi2b=PzFCwu3PVaP8hOzADys3=-k0AqvsDRhJpzA@mail.gmail.com> <alpine.LRH.2.11.1509180646470.14490@nber4.nber.org> <86r3lvdeah.fsf@nine.des.no> <1442584818.1834563.387314497.1AD169D2@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Felder <feld@FreeBSD.org> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > Daniel Feenberg <feenberg@nber.org> writes: > > > Is there a reason to encrypt something that is completely public? > > Watering hole attacks. > Watering hole attack describes the *site* being compromised because it's > popular and you know the target(s) will go there. HTTPS is irrelevant. ...or a MITM attack on a site that is popular with your target demographic. Then again, if you have the means to mount a MITM attack you probably have the means to get a valid certificate. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86k2rnddqk.fsf>