Re: [CentOS] https everywhere.

2015-05-20 Thread Karanbir Singh
On 19/05/15 13:07, Kai Bojens wrote: > On 17-05-15 10:35:55, Gordon Messmer wrote: > >> https doesn't improve your privacy in this application. > > No, but it makes it a little bit harder for third parties > to gather all these information. That seems to be a worthy > goal for me. We can likel

Re: [CentOS] https everywhere.

2015-05-19 Thread Johnny Hughes
On 05/19/2015 07:07 AM, Kai Bojens wrote: > On 17-05-15 10:35:55, Gordon Messmer wrote: > >> https doesn't improve your privacy in this application. > > No, but it makes it a little bit harder for third parties > to gather all these information. That seems to be a worthy > goal for me. Except

Re: [CentOS] https everywhere.

2015-05-19 Thread Kai Bojens
On 17-05-15 10:35:55, Gordon Messmer wrote: > https doesn't improve your privacy in this application. No, but it makes it a little bit harder for third parties to gather all these information. That seems to be a worthy goal for me. ___ CentOS mailing

Re: [CentOS] https everywhere.

2015-05-17 Thread Gordon Messmer
On 05/16/2015 04:18 PM, Peter Lawler wrote: People monitoring your connection know what you've updated, and what you haven't, thus knowing what you may be vulnerable to, is a problem. If I'm monitoring your https connection: I know the list of mirrors. That's public information. I know when u

Re: [CentOS] https everywhere.

2015-05-16 Thread Peter Lawler
On 16/05/15 08:36, Jim Perrin wrote: > > > On 05/15/2015 02:49 PM, Matthew Miller wrote: >> On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: >>> What are the plans for the CentOS repos with respect to authentication >>> and https everywhere? At the moment it is a trivial exercise

Re: [CentOS] https everywhere.

2015-05-15 Thread Jim Perrin
On 05/15/2015 02:49 PM, Matthew Miller wrote: > On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: >> What are the plans for the CentOS repos with respect to authentication >> and https everywhere? At the moment it is a trivial exercise to >> perform a MTM attack during a yum update

Re: [CentOS] https everywhere.

2015-05-15 Thread Matthew Miller
On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: > What are the plans for the CentOS repos with respect to authentication > and https everywhere? At the moment it is a trivial exercise to > perform a MTM attack during a yum update over http. Since the packages themselves are signed

[CentOS] https everywhere.

2015-05-15 Thread James B. Byrne
What are the plans for the CentOS repos with respect to authentication and https everywhere? At the moment it is a trivial exercise to perform a MTM attack during a yum update over http. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mai