Feedback: ESA Website (and Snap download) not secure

Hello there,

I am new to this, so there might be a reason behind it, which makes my feedback useless. Probably you are aware of the problem.

Anyway, as feedback on the download procedure is wanted, here it goes:

The Snap download as well as the whole ESA website (http://step.esa.int/main/download/snap-download/) are not in https but in http, which (from my knowledge point of view) makes it easy for third parties to intervene in between and change the download. Therefore, it is a possible entry point for malware.

Thank you.

Best wishes,

David


Hello David,
Thank you for the feedback. Always appreciated.

Actually both http and https versions are available… considering the scope and the open nature of the main portal and downloads, not using https is slightly better from a performance point of view.
Note that having https does not ensure security, you can still have someone creating a rogue site with a valid SSL certificate.

The example you described is not solved by HTTPS; if the installer were tampered with in transit, most likely it would get corrupted and fail at execution. To ensure that you have the same file as the server we have now started publishing checksums - you can use them to check consistency also.

In essence, your comment triggered an action to make the https version the main option for the pages/files but we won’t be closing down http.

Cheers,
Cristiano


I disagree – I don’t think there’s any good reason to run an HTTP site now that e.g. Let’s Encrypt exists. This isn’t just about protecting private information – there are, for example, ISPs which inject ads and tracking scripts in HTTP pages, not to mention the potential for governments to target – say – a journalist working on an investigation.

If performance is really a concern, there are better ways to mitigate it, such as using a newer version of PHP (for the main portal – PHP 7 and 8 are much faster than 5) running in FastCGI mode. For users, HTTPS performance can be even better than that of HTTP because it enables HTTP/2 and better compression (e.g. Brotli is HTTPS-only in Firefox, at least).

In this case, it does guarantee that the downloaded SNAP installer comes from ESA.

Note that until very recently the checksums were also linked over HTTP, so if someone had the ability to tamper with the download, they could have replaced the checksum file just as well.
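
The checksum discussion in the posts above, as an added example that is not part of the original thread or ESA's tooling: a check that separates "file matches the listing" from "listing arrived over an authenticated channel". It assumes SHA-256 and a `sha256sum`-style listing; the file name, bytes and `example.org` URLs are constructed placeholders.

```python
import hashlib
import hmac
import io
import re
from urllib.parse import urlsplit

LINE = re.compile(r"([0-9a-fA-F]{64})\s+\*?(.+)")  # "<sha256 hex>  <filename>"

def parse_listing(text):
    """Map filename -> lowercase hex digest; malformed lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            table[m.group(2)] = m.group(1).lower()
    return table

def sha256_stream(fobj, chunk=1 << 20):
    """Hash a file object in chunks so large installers need not fit in RAM."""
    h = hashlib.sha256()
    for block in iter(lambda: fobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def check_download(fobj, name, listing_text, listing_url):
    """Return 'verified', 'mismatch', 'unlisted' or 'match-untrusted'."""
    expected = parse_listing(listing_text).get(name)
    if expected is None:
        return "unlisted"
    if not hmac.compare_digest(sha256_stream(fobj), expected):
        return "mismatch"
    # A matching digest proves only that file and listing agree. If the
    # listing came over plain HTTP, both could have been replaced together.
    if urlsplit(listing_url).scheme != "https":
        return "match-untrusted"
    return "verified"

# Constructed sample data: placeholder bytes, file name and URLs.
NAME = "installer.sh"
GENUINE = b"genuine installer bytes (constructed)"
TAMPERED = b"tampered installer bytes (constructed)"

def listing_for(data):
    return f"{hashlib.sha256(data).hexdigest()}  {NAME}\n"

if __name__ == "__main__":
    swapped = listing_for(TAMPERED)  # listing replaced along with the file
    print(check_download(io.BytesIO(TAMPERED), NAME, swapped, "http://example.org/SHA256SUMS"))
```
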

We have to agree to disagree :upside_down_face:
Note that I didn’t say that HTTPS (HTTP over SSL) should not be used - in fact I confirmed with the portal team to make sure we use it. I was simply stating that the benefit in this particular case was not immediately evident.
Security is based on risk assessment of the process and/or asset. For this particular case, not having HTTPS was not a major issue. We now have it and we need to make sure we do it properly. I.e. we need to assess the user base and understand which cyphers, message digest, TLS versions and the like to enable and disable.
More than happy to continue any technical discussion in private.