savannah-hackers-public

Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS


From: Richard Stallman
Subject: Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS
Date: Mon, 10 Oct 2016 05:01:05 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > It says to support HTTPS properly and *securely*. The current variant
  > is not secure, it is vulnerable to SSL Stripping attacks. That's why
  > HSTS was invented in the first place.

I don't know what you are talking about.

  > Leaving the HTTP default open means people's access credentials can be
  > stolen by an active attacker - even if they think they're using https
  > because of the misleading option at the login screen.

I don't understand those words.  I can only say that the conclusion,
"Security requires discontinuing support for HTTP," is an extraordinary
claim and requires extraordinary proof.  I am extremely skeptical.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.



