X-Recipient: | archive-cygwin AT delorie DOT com |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Authentication-Results: | sourceware.org; auth=none |
X-Spam-SWARE-Status: | No, score=-6.1 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2 autolearn=ham version=3.3.1 spammy=ensuring, well-known, wellknown, citizens |
X-HELO: | Ishtar.sc.tlinx.org |
Message-ID: | <5C866129.1090605@tlinx.org> |
Date: | Mon, 11 Mar 2019 06:22:49 -0700 |
From: | L A Walsh <cygwin AT tlinx DOT org> |
User-Agent: | Thunderbird |
MIME-Version: | 1.0 |
To: | archie DOT cobbs AT gmail DOT com |
CC: | cygwin AT cygwin DOT com |
Subject: | Re: SSL not required for setup.exe download |
References: | <CANSoFxtW0Jb1M5KfkFGGOxec_D8ysyYCrnk_PXWjHobLDXZauQ AT mail DOT gmail DOT com> <fcfccbe3-a4e3-2f75-a2f4-23d12abc5a70 AT SystematicSw DOT ab DOT ca> <5C859BB7 DOT 4040900 AT tlinx DOT org> <CANSoFxtRQrwe4TAWweswXC94d5hzyt--M6BaR4Dcg1yBVqh1GQ AT mail DOT gmail DOT com> |
In-Reply-To: | <CANSoFxtRQrwe4TAWweswXC94d5hzyt--M6BaR4Dcg1yBVqh1GQ@mail.gmail.com> |
X-IsSubscribed: | yes |
On 3/10/2019 8:53 PM, Archie Cobbs wrote:
> On Sun, Mar 10, 2019 at 6:20 PM L A Walsh <cygwin AT tlinx DOT org> wrote:
>
>>>> It would be safer if http://www.cygwin.com always redirected you to
>>>> https://www.cygwin.com, where the page and the link are SSL.
>>>> Is there any reason not to force this redirect and close this security hole?
>>>>
>> I think the point is that if you redirect and a client can't
>> speak https, what happens? Wouldn't they get an error that would
>> prevent them from using the site?
>>
>
> I guess so. Can you name any such client?
>
---

Depends on the site, but for several months my browser would get an error if I tried to go to my distro's website. They implemented HSTS, but were using an insecure encryption that my browser had enabled. So now I try to only use their unencrypted channels for distro-download, among other things.

As for others, and companies, such information is proprietary. Why would people advertise they are using a browser that doesn't speak the latest fad?

If you are asking for a mainstream browser, forget it, you'd have to write your own software or make changes in one.

But any browser that is open source could be configured to disable https on non-sensitive sites, though eventually, intercepting only encrypted material and ensuring that the browsers honor well-known CAs, that have had keys requested under government security letters that forbid any spread of such interception will get them most of what they want.

It's all in the name of protecting the citizens, of course...and the children: think of the children (yeah, a bit of hyperbole here, but that doesn't mean it can't be true).

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |