From: Drak <drak@zikula•org>
To: Luke-Jr <luke@dashjr•org>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts?
Date: Sun, 8 Dec 2013 19:16:31 +0000 [thread overview]
Message-ID: <CANAnSg2OrmQAcZ+cZdtQeADicH3U29QOgYPfP1AQhOMP6+P1wg@mail.gmail.com> (raw)
In-Reply-To: <201312081237.24473.luke@dashjr.org>
[-- Attachment #1: Type: text/plain, Size: 2137 bytes --]
On 8 December 2013 12:37, Luke-Jr <luke@dashjr•org> wrote:
> Encryption is useless here. We want everyone to be able to download Bitcoin
> clients. Binaries on sourceforge are signed by multiple parties using
> gitian.
>
> > Decentralization:
> > So long as we actually use DNS, the website is centralized :( However,
> > its content isn't (can be forked on GitHub), but regarding the domain
> > name, there is not much we can do against this AFAIK.
>
> So long as someone has root (or a user that can modify it), the website is
> centralised. To really solve this, we would need a dedicated server that
> accepts commands only when signed by N-of-M parties, inside a cage locked
> by
> padlocks with keys held by independent parties, with a SSL certificate
> issued
> by an authority that has multiple parties watch it every step of the way
> into
> that server.
Malicious actors with root access to the server is another issue entirely.
Sure it's a problem, but it is not an argument not to have a properly
signed SSL certificate.
With out one, the exploit can be performed on routers to redirect traffic
through a third party alter the content of the site (like the links on
bitcoin.org to various wallet projects) and then onto the correct
destination. SSL at least mitigates that. For example it would be trivial
to impersonate Electrum's site or whatever, "change" the link on the fly
that appears on the trusted source bitcoin.org via BGP redirection. Now
users will be directed to the scammers site which could be identical except
for domain name and of course malicious binaries.
BGP redirection is a reality and can be exploited without much
expense/effort. MITM is a real world threat, not some theoretical
possibility - reports show it's happening on an unprecedented scale. SSL is
essential - that's a no-brainer. Sure other measures are important, but
without SSL there is almost no point to any of the other options.
SSL is so considered so important that the *HTTP 2.0 spec might be SSL
only*according to recent discussions at the W3C (
http://lists.w3.org/Archives/Public/ietf-http-wg/2013OctDec/0625.html).
Drak
[-- Attachment #2: Type: text/html, Size: 2968 bytes --]
next prev parent reply other threads:[~2013-12-08 19:16 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-08 1:17 Saïvann Carignan
2013-12-08 3:38 ` Odinn Cyberguerrilla
2013-12-08 9:03 ` Saïvann Carignan
2013-12-08 12:37 ` Luke-Jr
2013-12-08 19:16 ` Drak [this message]
2013-12-08 19:25 ` Gregory Maxwell
2013-12-08 20:28 ` Mike Hearn
2013-12-08 20:40 ` Gregory Maxwell
2013-12-08 20:51 ` Drak
2013-12-08 21:01 ` Luke-Jr
2013-12-08 21:11 ` Drak
2013-12-08 23:51 ` theymos
2013-12-09 0:06 ` Taylor Gerring
2013-12-09 6:29 ` Jeremy Spilman
2013-12-09 10:54 ` Roy Badami
2013-12-10 9:18 ` Odinn Cyberguerrilla
2013-12-08 21:09 ` Gregory Maxwell
2013-12-08 21:16 ` Saïvann Carignan
2013-12-08 21:58 ` Roy Badami
2013-12-08 23:03 ` Mike Hearn
2013-12-09 5:32 ` Jeff Garzik
2013-12-08 22:44 ` Gavin Andresen
2013-12-08 23:48 ` Saïvann Carignan
2013-12-08 23:18 ` Luke-Jr
2013-12-08 23:29 ` Patrick
2013-12-08 21:46 ` Mark Friedenbach
2013-12-08 20:40 ` Drak
2013-12-08 20:50 ` Gregory Maxwell
2013-12-08 21:07 ` Drak
2013-12-08 21:14 ` Gregory Maxwell
2013-12-08 22:27 ` Robert McKay
2013-12-12 20:51 ` Adam Back
2013-12-31 13:39 ` Drak
2013-12-31 13:48 ` Gregory Maxwell
2013-12-31 13:59 ` Mike Hearn
2013-12-31 14:18 ` Gregory Maxwell
2013-12-31 14:23 ` Mike Hearn
2013-12-31 21:25 ` Jeremy Spilman
2013-12-31 21:33 ` Matt Corallo
2014-01-01 10:02 ` Jeremy Spilman
2014-01-01 11:37 ` Wladimir
2014-01-01 15:10 ` Mike Hearn
2014-01-01 22:15 ` Mike Hearn
2014-01-02 19:49 ` Jorge Timón
2013-12-31 14:05 ` Benjamin Cordes
2014-01-03 5:45 ` Troy Benjegerdes
2014-01-03 9:59 ` Drak
2014-01-03 11:22 ` Tier Nolan
2014-01-03 13:09 ` Adam Back
2014-01-03 17:38 ` Troy Benjegerdes
2014-01-03 18:21 ` Jorge Timón
2014-01-04 1:43 ` Troy Benjegerdes
2013-12-08 10:00 ` Drak
2013-12-08 12:39 ` Luke-Jr
2013-12-08 16:51 ` Gregory Maxwell
2013-12-08 16:08 ` Wladimir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANAnSg2OrmQAcZ+cZdtQeADicH3U29QOgYPfP1AQhOMP6+P1wg@mail.gmail.com \
--to=drak@zikula$(echo .)org \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=luke@dashjr$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox