On Thu, 24 Aug 2017, Sean Whitton wrote:

> Seconded, but I think the integrity protection is a more important
> reason to avoid the git protocol or http, so if we can come up with a
> further change to reflect that it would be better.
Attacking the integrity of the messages in transit requires active MITM attacks for all three protocols (http, https, git). https *without* strong certificate validation has no defense against active MITM, i.e. it does *not* protect message integrity against attacks. And since all of the required PKI for https to do strong certificate validation is out-of-band, we have to assume naive https use.

So, no, this is not about integrity. It is, at most, about privacy against passive eavesdroppers. If you want integrity, a lot more is needed.

--
Henrique Holschuh