public inbox for bitcoindev@googlegroups.com
* [Bitcoin-development] Secure download
@ 2013-03-02 19:39 webmaster
  2013-03-02 21:09 ` Gavin Andresen
  0 siblings, 1 reply; 6+ messages in thread
From: webmaster @ 2013-03-02 19:39 UTC (permalink / raw)
  To: bitcoin list

Hi,

I am a newbie trying to get my first wallet up.  But I have a 
security/crypto background and so I know enough not to trust a http 
download.  But I don't see any other option to download bitcoin software 
from sourceforge.

I can check the SHA256 hashes, but how do I verify those?

I am familiar with gpg.  Where can I find signatures and the signing 
keys?  Hopefully, the keys are on multiple independent servers.

Or is read-only ssh/sftp/scp access possible?

Thanks in advance,

Chris




* Re: [Bitcoin-development] Secure download
  2013-03-02 19:39 [Bitcoin-development] Secure download webmaster
@ 2013-03-02 21:09 ` Gavin Andresen
  2013-03-03 18:55   ` Roy Badami
  0 siblings, 1 reply; 6+ messages in thread
From: Gavin Andresen @ 2013-03-02 21:09 UTC (permalink / raw)
  To: webmaster; +Cc: bitcoin list

[-- Attachment #1: Type: text/plain, Size: 670 bytes --]

My gpg key is on the bitcoin.org homepage: http://bitcoin.org/gavinandresen.asc
.... which you can access securely (and see the history of) at:
  https://github.com/bitcoin/bitcoin.org/blob/master/gavinandresen.asc

If you're really super-duper paranoid, you could also fetch it from
the MIT pgp keyserver or look for it in the bitcointalk forums
archives.

Import it into pgp/gpg, then you can verify that the download
checksums you have are correct with:

gpg --verify SHA256SUMS.asc

All that assuming you're running Linux.  If you're on Windows or OSX, the
latest downloads are code-signed and checked for integrity
automatically by Windows/OSX.

-- 
--
Gavin Andresen

[-- Attachment #2: gavinandresen.asc --]
[-- Type: text/plain, Size: 8914 bytes --]

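
The verification flow from the message above, as an added example that is not part of the original thread: it accepts a download only if its hash appears in the signed text of SHA256SUMS.asc and the signature comes from a pinned key. It assumes SHA256SUMS.asc is a clearsigned file of `sha256sum`-format lines; `EXPECTED_FPR` and the function names are placeholders introduced here.

```shell
#!/bin/sh
# EXPECTED_FPR is a placeholder: set it to the 40-hex-digit fingerprint of the
# signing key you imported and cross-checked against independent sources.
EXPECTED_FPR="${EXPECTED_FPR:-0000000000000000000000000000000000000000}"

# Print the signed text of clearsigned file $1, but only if gpg reports a valid
# signature made by EXPECTED_FPR. Using gpg's own output (not grep on the .asc)
# means lines outside the signed region are never trusted.
signed_text() {
    tmp=$(mktemp -d) || return 1
    rc=1
    if gpg --batch --status-fd 3 --output "$tmp/sums" --decrypt "$1" \
            3>"$tmp/status" 2>/dev/null &&
       grep -q "^\[GNUPG:\] VALIDSIG .*$EXPECTED_FPR" "$tmp/status"; then
        cat "$tmp/sums"
        rc=0
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Read "<hex>  <name>" lines on stdin and check file $1 against the entry whose
# name equals its basename. Returns 2 if there is no entry, 1 on mismatch.
check_file() {
    name=$(basename "$1")
    want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }')
    [ -n "$want" ] || { echo "no signed entry for $name" >&2; return 2; }
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "hash mismatch for $name" >&2; return 1; }
}

# usage: verify_download SHA256SUMS.asc FILE
# Fails closed: if the signature check fails, check_file sees no entries.
verify_download() {
    signed_text "$1" | check_file "$2"
}
```
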


* Re: [Bitcoin-development] Secure download
  2013-03-02 21:09 ` Gavin Andresen
@ 2013-03-03 18:55   ` Roy Badami
  2013-03-03 20:02     ` Gregory Maxwell
  2013-03-05 12:37     ` Roy Badami
  0 siblings, 2 replies; 6+ messages in thread
From: Roy Badami @ 2013-03-03 18:55 UTC (permalink / raw)
  To: Gavin Andresen; +Cc: bitcoin list

On Sat, Mar 02, 2013 at 04:09:38PM -0500, Gavin Andresen wrote:
> My gpg key is on the bitcoin.org homepage: http://bitcoin.org/gavinandresen.asc
> .... which you can access securely (and see the history of) at:
>   https://github.com/bitcoin/bitcoin.org/blob/master/gavinandresen.asc

Would be nice to have a secure page at bitcoin.org, though, rather
than having to go to github - certs from somewhere like Namecheap
should cost you next to nothing.  For those of us too lazy (not
paranoid enough) to bother with GPG, a (secure) page on bitcoin.org
with the MD5 hashes of the binaries would be awesome...

roy




* Re: [Bitcoin-development] Secure download
  2013-03-03 18:55   ` Roy Badami
@ 2013-03-03 20:02     ` Gregory Maxwell
  2013-03-03 20:25       ` Roy Badami
  2013-03-05 12:37     ` Roy Badami
  1 sibling, 1 reply; 6+ messages in thread
From: Gregory Maxwell @ 2013-03-03 20:02 UTC (permalink / raw)
  To: Roy Badami; +Cc: g, bitcoin list

On Sun, Mar 3, 2013 at 10:54 AM, Roy Badami <roy@gnomon•org.uk> wrote:
> Would be nice to have a secure page at bitcoin.org, though, rather
> than having to go to github - certs from somewhere like Namecheap
> should cost you next to nothing.  For those of us too lazy (not
> paranoid enough) to bother with GPG, a (secure) page on bitcoin.org
> with the MD5 hashes of the binaries would be awesome...

While I think that it's silly that we don't have a HTTPS (only!) page,
it should be noted that an HTTPS page is in no way a replacement for
GPG, sadly:  Anyone who can MITM the server to the whole internet can
trivially obtain a fraudulent cert with only moderate cost and time.

(The reason for this is that (many? most? all?) CAs verify authority
by having you place a file at some HTTP path on the domain in
question. Effectively the current CA model only prevents those from
intercepting who cannot intercept the traffic generally. Basically
only helps with the evil hotspot/tor_exit problem.)




* Re: [Bitcoin-development] Secure download
  2013-03-03 20:02     ` Gregory Maxwell
@ 2013-03-03 20:25       ` Roy Badami
  0 siblings, 0 replies; 6+ messages in thread
From: Roy Badami @ 2013-03-03 20:25 UTC (permalink / raw)
  To: Gregory Maxwell; +Cc: g, bitcoin list

> (The reason for this is that (many? most? all?) CAs verify authority
> by having you place a file at some HTTP path on the domain in
> question.

IME most CAs verify by emailing hostmaster/webmaster@ or one of the
contacts in the WHOIS.  But you're right, still subject to a MitM.
Still better than nothing though.

I would have suggested an EV cert, but that's more expensive (and
still far from foolproof)

> Basically only helps with the evil hotspot/tor_exit problem.

Also helps protect against DNS spoofing attacks, but yes, you're
right.  I should be checking GPG sigs but I'm lazy :-)

roy




* Re: [Bitcoin-development] Secure download
  2013-03-03 18:55   ` Roy Badami
  2013-03-03 20:02     ` Gregory Maxwell
@ 2013-03-05 12:37     ` Roy Badami
  1 sibling, 0 replies; 6+ messages in thread
From: Roy Badami @ 2013-03-05 12:37 UTC (permalink / raw)
  To: Gavin Andresen; +Cc: bitcoin list

> Would be nice to have a secure page at bitcoin.org, though, rather
> than having to go to github - certs from somewhere like Namecheap
> should cost you next to nothing.

And Namecheap now accept Bitcoin :-)

(Complete coincidence - I didn't know that when I posted)

roy



