On Tue, Mar 27, 2018 at 8:41 AM, Rodney W. Grimes
wrote:
> Without the private part of the TLS they can not alter that data,
> correct?
Correct — a property typically referred to as "integrity." (Well,
obviously they can truncate streams with RST, but that isn't very
subtle to any client.)
> I
> Thinking of the network as attacker-controlled is fine, but without
> the CA certificate database in ports, TLS provides neither data
> integrity nor confidentiality.[0]
>
> Even with certificate validation, it's unlikely that TLS provides
> meaningful confidentiality for svn.freebsd.org ? IP st
Thinking of the network as attacker-controlled is fine, but without
the CA certificate database in ports, TLS provides neither data
integrity nor confidentiality.[0]
Even with certificate validation, it's unlikely that TLS provides
meaningful confidentiality for svn.freebsd.org — IP still exposes
On Tue, Mar 27, 2018 at 9:57 AM, Rodney W. Grimes <
free...@pdx.rh.cn85.dnsmgr.net> wrote:
> > Author: trasz
> > Date: Tue Mar 27 14:51:19 2018
> > New Revision: 331618
> > URL: https://svnweb.freebsd.org/changeset/base/331618
> >
> > Log:
> > Use https:// instead of http://.
> >
> > MFC after
> Author: trasz
> Date: Tue Mar 27 14:51:19 2018
> New Revision: 331618
> URL: https://svnweb.freebsd.org/changeset/base/331618
>
> Log:
> Use https:// instead of http://.
>
> MFC after: 2 weeks
>
> Modified:
> head/share/man/man7/development.7
>
> Modified: head/share/man/man7/develop
Author: trasz
Date: Tue Mar 27 14:51:19 2018
New Revision: 331618
URL: https://svnweb.freebsd.org/changeset/base/331618
Log:
Use https:// instead of http://.
MFC after:2 weeks
Modified:
head/share/man/man7/development.7
Modified: head/share/man/man7/development.7
===
