repo-criteria-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Repo-criteria-discuss] Savannah and HTTPS


From: Richard Stallman
Subject: Re: [Repo-criteria-discuss] Savannah and HTTPS
Date: Mon, 10 Oct 2016 05:01:05 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > It says to support HTTPS properly and *securely*. The current variant
  > is not secure, it is vulnerable to SSL Stripping attacks. That's why
  > HSTS was invented in the first place.

I don't know what you are talking about.

  > Leaving the HTTP default open means people's access credentials can be
  > stolen by an active attacker - even if they think they're using https
  > because of the misleading option at the login screen.

I don't understand those words.  I can only say that the conclusion,
"Security requres discontinuing support for HTTP," is an extraordinary
claim and requires extraordinary proof.  I am extremely skeptical.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]