There is really no excuse for not using an SSL certificate. Without one it would be trivial for an attacker to change the contents of the page via MITM.
Recent studies have shown MASSIVE abuse of the BGP routing protocol being used to redirect websites through a third party.
This is not a theoretical attack, it's happening every single day on a global scale and could be used to divert users to a rogue versions of software.
It's just a matter of time... it will happen sooner or later given the incentives it could bring...

Recent references:
http://www.theregister.co.uk/2013/11/22/net_traffic_redirection_attacks/
http://www.wired.com/threatlevel/2013/12/bgp-hijacking-belarus-iceland/

The only way to mitigate these MITMs is to use SSL.

Also it's about time we hosted the Bitcoin Qt software at Github. They have a releases feature where you can upload a packaged release (see https://github.com/blog/1547-release-your-software). There are also no adverts (another privacy leak at the least) and many feel are more trustworthy than Sourceforge: it also makes sense to have the downloads where the source is developed.

Regards,

Drak



On 8 December 2013 03:38, Odinn Cyberguerrilla <odinn.cyberguerrilla@riseup.net> wrote:
Hello, re. the dedicated server for bitcoin.org idea, I have a few thoughts

1) I have commented in a blogpost of August 2013 at
https://odinn.cyberguerrilla.org/ with some thoughts relative to possible
issues with CA related to bitcoin.org - where I mentioned something
relative to the DigiCert certificate,
"DigiCert “may revoke a Certificate, without notice, for the reasons
stated in the CPS, including if DigiCert reasonably believes that” (…)
“Applicant is added to a government list of prohibited persons or entities
or is operating from a prohibited destination under the laws of the United
States” (…) “the Private Key associated with a Certificate was disclosed
or Compromised”"
In the same post I mentioned
"Bitcoin.org has no certificate, no encryption — a situation which has its
own obvious problems. Bitcoin.org currently sends users to download the
bitcoin-qt client from sourceforge. Sourceforge is encrypted and has a
certificate based on GeoTrust:
https://www.geotrust.com/resources/repository/legal/"

(Currently (Dec. 7, 2013) bitcoin.org shows as 'not verified' and 'not
encrypted' examining it in a cursory fashion w/ Chrome)

Not sure how this would work, but it would be nice to see the content at
bitcoin.org encrypted, of course, but also further decentralized? how many
mirrors are there of bitcoin.org - not sure, but a few things that come to
mind when thinking of this are Tahoe-LAFS and also .bit stuff (namecoin).
There are many ways to decentralize something but that is just something
that comes to mind.

This has been discussed at https://bitcointalk.org/index.php?topic=16312.0
('Is Bitcoin.org a weakness of bitcoin?) in the past and see also this
https://bitcointalk.org/index.php?topic=119652.0 which discusses mirroring
of certain content

Some things to think about.

> I would like to know what are your thoughts on moving bitcoin.org on a
> dedicated server with a SSL certificate?
>
> I am considering the idea more seriously, but I'd like some feedback
> before taking steps.
>
> Saïvann
>
> ------------------------------------------------------------------------------
> Sponsored by Intel(R) XDK
> Develop, test and display web and hybrid apps with a single code base.
> Download it for free now!
> http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>



------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development