Date:      Fri, 3 Apr 2015 13:44:47 -0500 (CDT)
From:      "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To:        "Dieter BSD" <dieterbsd@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Why does FreeBSD insist on https?
Message-ID:  <14416.128.135.70.2.1428086687.squirrel@cosmo.uchicago.edu>
In-Reply-To: <CAA3ZYrAwXOp_5vfUPsEkF82UPaAqNwnTm7dw1ogf-C-X%2Bj730g@mail.gmail.com>
References:  <CAA3ZYrAwXOp_5vfUPsEkF82UPaAqNwnTm7dw1ogf-C-X%2Bj730g@mail.gmail.com>


On Fri, April 3, 2015 12:59 pm, Dieter BSD wrote:
>> Why do so many FreeBSD URLs redirect from http to https?
>> What is this intended to accomplish?
>>
>> This is user-hostile.  Some browsers cannot do https, and there are
>> good reasons (unrelated to http vs https) to use these browsers.
>> There are also good reasons to prefer http over https even with a browser
>> that can do https.  Https is useful when needed, but it isn't needed here.
>>
>> Can someone *please* fix this?
>
> Maxim replies:
> https://www.eff.org/deeplinks/2015/04/china-uses-unencrypted-websites-to-hijack-browsers-in-github-attack
>
> I complain about unnecessary https so of course you offer a https link.
> Very useful.  Thank you.
>
> From what I've read about that attack there are better ways to prevent it
> than using https.  (I'll leave that as an exercise for the reader.)
>
> Charles replies:
>> Security?  Confidentiality?
>
> For information that is openly published?
>
>> Strong(er) assurance of content integrity?
>
> Maybe slightly.  But it should be the user's choice.

No: ensuring the content comes to the recipient unmodified by arbitrary 3rd
parties is the right of the content provider. Not the one who visits the website.
You can establish the rules only for the websites _you_ own, maintain, and
are responsible for the content of. Anybody (who is not the website owner)
demanding that change is, in sane people's minds, attempting to force that
change on behalf of malicious exploiters. So, either you keep insisting on
that, and therefore are identifying yourself with website hijackers and
orchestrators of DOS attacks. Or you stop insisting on that.

I for one, after someone explained to you the reasons in layman's language,
seeing you keep insisting, would just ban you off the list. Luckily for
you I'm not one of the list admins.

Valeri

>
>> There are an increasing # of transparent proxies which rewrite
>> content, inject ads, even inject malware for HTTP which are foiled
>> by switching to HTTPS + HSTS (HTTP Strict Transport Security).
>
> Perhaps.  For the moment.  How long until the bad guys find a way to
> get around the https/hsts speed bump?  Probably not very long, if they
> haven't already.  Word is that some people *have* already found ways
> around the speed bump.
>
>> Any browser which does not support HTTPS is either obsolete or simply
>> missing critical functionality.
>
> Ya, ya, kids today consider anything more than 5ns old obsolete.
> Doesn't make it so.
>
> I have tried a LOT of browsers and they ALL lack important functionality.
> Most were so broken they were completely unusable.  I've fixed bugs
> in browsers and made enhancements to them.  Had to fix well over
> 1000 bugs in one browser before I managed to get it to compile.
>
>> Your bank, online stores, utilities,
>> almost any site with a login are all going to require HTTPS.
>
> There are plenty of sites with logins that do not require https.
> Again, this is information that is openly published.  In many,
> possibly all, cases the URLs used to work properly with http.
>
> Terje replies:
>> If it's causing you any actual trouble
>
> It is.  Original message is quoted above, read it again, and don't
> assume I'm looking for an argument, or abuse.
>
> I'm not suggesting that the ability to do https be taken away.  Those
> who want https can type https.  I'm only saying that the website should
> honor http for those who prefer or need it.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++


