This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: SSL not required for setup.exe download

From: Lee <ler762 at gmail dot com>
To: cygwin at cygwin dot com
Date: Tue, 12 Mar 2019 17:32:09 -0400
Subject: Re: SSL not required for setup.exe download
References: <CANSoFxtW0Jb1M5KfkFGGOxec_D8ysyYCrnk_PXWjHobLDXZauQ@mail.gmail.com> <1a840c2e-55ac-0ab4-66c4-a1f6a2c4f81a@Shaw.ca> <CANSoFxtA0vnF1adx4rwyjuMasrVAOGb8hT_Uct-wSdcazj252w@mail.gmail.com> <41f12842-ea43-ff63-a660-26ee3b497c63@SystematicSw.ab.ca> <CANSoFxtLzGgcOhrsu4h0eXXnpezB6v17cGwOrqy6SjSvJ__gLA@mail.gmail.com> <1b570593-0ec7-0890-26ef-7e7468534f47@SystematicSw.ab.ca> <CANSoFxsq+5OfRH7RF3QdpMSJU-4JAKSCZM-rUUysP5Y3myR0+Q@mail.gmail.com> <1406950005.20190312031618@yandex.ru> <CAD8GWsv=R+G5P9_fNvMvC1+txqPELr=5s3R38jiPyCUj0AcTFg@mail.gmail.com> <87imwn3jvr.fsf@Rainer.invalid>

On 3/12/19, Achim Gratz wrote:
> Lee writes:
>> I don't think it's a false sense of security.  https:// isn't "safe"
>> but it is _safer_ than http://
>
> Unless you are in an environment where an extra root cert is injected
> just to be able to break up the encrypted connection.  Which is a lot
> more common than people think and is not quite as easy to check for as
> some folks make it out.

Right - checking the web-site cert on every site gets old fast.  Which
is why I liked the firefox cert patrol addon reminding me $WORK had
their "data loss protection" screening in action.

But even with the security office being able to snoop or modify every
one of my https:// connections, it's just the security office people,
so it still seems safer using tls than clear-text connections.

Regards,
Lee

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

References:
- SSL not required for setup.exe download
  - From: Archie Cobbs
- Re: SSL not required for setup.exe download
  - From: Brian Inglis
- Re: SSL not required for setup.exe download
  - From: Archie Cobbs
- Re: SSL not required for setup.exe download
  - From: Brian Inglis
- Re: SSL not required for setup.exe download
  - From: Archie Cobbs
- Re: SSL not required for setup.exe download
  - From: Brian Inglis
- Re: SSL not required for setup.exe download
  - From: Archie Cobbs
- Re: SSL not required for setup.exe download
  - From: Andrey Repin
- Re: SSL not required for setup.exe download
  - From: Lee
- Re: SSL not required for setup.exe download
  - From: Achim Gratz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]