At 08:07 AM 9/18/2015, Ben Bailess wrote:
I have to echo this sentiment -- authentication is important, and so is
integrity. HTTPS would provide both -- to be sure you're talking to the
"real" FreeBSD and give you confidence that your page content has not been
altered in transit by a network adversary (e.g. if you are using Tor)*.
I'd mainly be concerned about downloads of distros or updates being
tampered with. Worms are appearing that infect not only PCs but also
routers (e.g. the "Moon" worm, which affected most Linksys models available
at the time), setting up a perfect scenario for an MITM attack that could
substitute an infected file AND a forged checksum for the originals. If
an HTTPS download site were available, I would absolutely prefer it to
an HTTP one. Just my $0.02 USD.
--Brett Glass
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
