[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Repo-criteria-discuss] Savannah and HTTPS
From: |
Mike Gerwitz |
Subject: |
Re: [Repo-criteria-discuss] Savannah and HTTPS |
Date: |
Mon, 10 Oct 2016 21:30:39 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
On Mon, Oct 10, 2016 at 05:01:05 -0400, Richard Stallman wrote:
> I don't understand those words. I can only say that the conclusion,
> "Security requres discontinuing support for HTTP," is an extraordinary
> claim and requires extraordinary proof. I am extremely skeptical.
It depends on what you are trying to mitigate.
In the Savannah case, it's important to protect both the user's login
data and their session itself. When the user is logged in, it's
important to protect against MitM attacks that could be used to hijack
their session or trick them into doing things that they might not want
to do.
More broadly: MitM attacks are always a concern and cannot be mitigated
with plain HTTP. If the integrity of the data are important---e.g. the
information the user reads and the files that they download---then HTTPS
is important. There is nothing preventing employers, networks, ISPs, or
states from censoring or modifying content. Comcast was caught
injecting JavaScript into users' webpages to notify them of copyright
violations.[0] This same method is used by malware to inject
ads. Wikipedia implements HTTPS in part to ensure the integrity of
their articles.[1] If I'm visiting a site over Tor, a malicious exit
node could modify and sniff non-HTTPS pages.
There is also the issue of privacy. With HTTPS, an adversary monitoring
a network (Eve) would know that Alice is looking at Wikipedia, but not
what Alice is looking at. With plain HTTP, Eve knows exactly what
articles Alice is reading. This can be potentially life-threatening in
some countries where reading certain articles is a crime. For others,
it might simply be embarrassing. If I'm concerned about a health
condition that I want to look up at work, I don't want my employer
knowing I'm looking at it.
It's usually not the case that I can't trust the website itself---it's
everything _else_ that can go wrong. It's unfortunate that the first
thought in my mind the entire time I'm online (Web or otherwise) is
mitigating various adversaries, but that's the reality.
[0]: https://news.ycombinator.com/item?id=10592775
[1]: https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
--
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB
https://mikegerwitz.com
signature.asc
Description: PGP signature
- [Repo-criteria-discuss] HSTS screw?, (continued)
- Re: [Repo-criteria-discuss] HSTS screw?, Hanno Böck, 2016/10/11
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/11
- Re: [Repo-criteria-discuss] HSTS screw?, Hanno Böck, 2016/10/12
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/12
- Re: [Repo-criteria-discuss] HSTS screw?, Mike Gerwitz, 2016/10/12
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/13
- Re: [Repo-criteria-discuss] HSTS screw?, Mike Gerwitz, 2016/10/13
- Re: [Repo-criteria-discuss] Savannah and HTTPS,
Mike Gerwitz <=
Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS, Paul Smith, 2016/10/10