[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS

From: Richard Stallman
Subject: Re: [Savannah-hackers-public] [Repo-criteria-discuss] Savannah and HTTPS
Date: Mon, 10 Oct 2016 05:01:05 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > It says to support HTTPS properly and *securely*. The current variant
  > is not secure, it is vulnerable to SSL Stripping attacks. That's why
  > HSTS was invented in the first place.

I don't know what you are talking about.

  > Leaving the HTTP default open means people's access credentials can be
  > stolen by an active attacker - even if they think they're using https
  > because of the misleading option at the login screen.

I don't understand those words.  I can only say that the conclusion,
"Security requres discontinuing support for HTTP," is an extraordinary
claim and requires extraordinary proof.  I am extremely skeptical.

Dr Richard Stallman
President, Free Software Foundation (,
Internet Hall-of-Famer (
Skype: No way! See

reply via email to

[Prev in Thread] Current Thread [Next in Thread]