On 10 December 2017 at 19:42, John-Mark Gurney <[email protected]> wrote:
> Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 19:17 +0000: <snip> > No, I'm saying it's not a realistic threat model! If the threat is the > > integrity of the source code in transit, then it'd be way cheaper and way > > more reasonable to implement a Merkle Tree-like verification with each > > revision. > > Then you should be fine w/ http for banking sites, since it's not realistic > that your ISP will MITM your connection to steal money from you, right? > I don't know of a single instance of an ISP MITM'ing banking transactions > to steal money. Entirely different threat model that has nothing to do with MITM but a lot to do with bank-website mimicry! If I connect to MoneyBags, Inc, I want to be sure that everything I send is received at MoneyBags, Inc, and not someone pretending to be MoneyBags, Inc. If I connect to svn.example.com, all I care about is that the Merkle Tree holds, not whether svn.example.com or svn.middleman.example.com provided it. -- Igor M. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
