[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [savannah-help-public] address@hidden: Re: [Repo-criteria-discuss] S
|
From: |
Richard Stallman |
|
Subject: |
Re: [savannah-help-public] address@hidden: Re: [Repo-criteria-discuss] Savannah and HTTPS] |
|
Date: |
Sat, 31 Dec 2016 13:25:16 -0500 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> I'm sorry but I bring along previous discussion baggage. Let me
> explain. You were asking about removing HTTP access due to the
> arguments of the problem of MITM attacks.
Actually I forwarded a message where someone else warned about that.
I myself don't know what the scenario is. That's why I don't
have an opinion, myself.
> MITM attacks are of ultimate concern, so goes the usual discussion,
> therefore unencrypted access must be actively blocked in order to
> protect everyone from all MITM security threats.
That argument seems valid, regarding unencrypted access that _can be
used to do a MITM attack_.
How does HTTP on Savannah make possible a MITM attack?
Ineiev's point seems valid:
> FTP and cvs pserver are harder to use for compromising Savannah accounts,
> aren't they?
I think it would be wise to look at the question first regarding HTTP.
Then, having reached a conclusion based on some reasoning, try
applying the same reasoning to the case of FTP and see what conclusion
it leads to.
--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.