Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Vpky2-0002hz-2E for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 20:28:42 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.219.49 as permitted sender) client-ip=209.85.219.49; envelope-from=mh.in.england@gmail.com; helo=mail-oa0-f49.google.com; Received: from mail-oa0-f49.google.com ([209.85.219.49]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Vpky0-0006wj-RG for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 20:28:42 +0000 Received: by mail-oa0-f49.google.com with SMTP id i4so2943154oah.8 for ; Sun, 08 Dec 2013 12:28:35 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.182.243.138 with SMTP id wy10mr62958obc.83.1386534515354; Sun, 08 Dec 2013 12:28:35 -0800 (PST) Sender: mh.in.england@gmail.com Received: by 10.76.92.72 with HTTP; Sun, 8 Dec 2013 12:28:35 -0800 (PST) In-Reply-To: References: <52A3C8A5.7010606@gmail.com> <1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net> <52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org> Date: Sun, 8 Dec 2013 21:28:35 +0100 X-Google-Sender-Auth: Bfq7yLHPIBPf8Cna_2uXv6d4YLk Message-ID: From: Mike Hearn To: Gregory Maxwell Content-Type: multipart/alternative; boundary=001a11c2a12041b27d04ed0bb96d X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: doubleclick.net] 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Vpky0-0006wj-RG Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Dec 2013 20:28:42 -0000 --001a11c2a12041b27d04ed0bb96d Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Issues that would need to be resolved: 1) Who pays for it? Most obvious answer: Foundation. However there's currently a fairly clear line between the foundation website and the bitcoin.org website. I personally am fine with the bitcoin foundation funding the website, it's a lot closer to the bitcoin community than github. But some people might care. So next step would be to contact the Foundation board and see if they're willing to fund it. 2) Anti-DoS? I assume github handles this at the moment, though I doubt there's anything to be gained from DoSing the informational website 3) Where does the server go? Ideally, a hosting provider that accepts Bitcoin of course! 4) Who admins it? 5) Who controls DNS for it? Right now I think Sirius still owns DNS for bitcoin.org which is nonsense. He needs to pass it on to someone who is actually still involved with the project. Again, the most obvious neutral candidate would be the Foundation. So I think it's a good idea but there's a fair amount of work here. The primary upside I see is that it opens the potential for adding interactive/server-side code in future if we decide that would be useful. On Sun, Dec 8, 2013 at 8:25 PM, Gregory Maxwell wrote: > On Sun, Dec 8, 2013 at 11:16 AM, Drak wrote: > > BGP redirection is a reality and can be exploited without much > > You're managing to argue against SSL. Because it actually provides > basically protection against an attacker who can actively intercept > traffic to the server. Against that threat model SSL is clearly=E2=80=94 = based > on your comments=E2=80=94 providing a false sense of security. > > We _do_ have protection that protect against that=E2=80=94 the pgp signat= ure, > but they are far from a solution since people do not check that. > > (I'm not suggesting we shouldn't have it, I'm suggesting you stop > arguing SSL provides protection it doesn't before you manage to change > my mind!) > > > -------------------------------------------------------------------------= ----- > Sponsored by Intel(R) XDK > Develop, test and display web and hybrid apps with a single code base. > Download it for free now! > > http://pubads.g.doubleclick.net/gampad/clk?id=3D111408631&iu=3D/4140/ostg= .clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --001a11c2a12041b27d04ed0bb96d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Issues that would need to be resolved:

= 1) Who pays for it? Most obvious answer: Foundation. However there's cu= rrently a fairly clear line between the foundation website and the bitcoin.org website. I personally am fine with = the bitcoin foundation funding the website, it's a lot closer to the bi= tcoin community than github. But some people might care. So next step would= be to contact the Foundation board and see if they're willing to fund = it.

2) Anti-DoS? I assume github handles this at the moment= , though I doubt there's anything to be gained from DoSing the informat= ional website

3) Where does the server go? Ideally= , a hosting provider that accepts Bitcoin of course!

4) Who admins it?

5) Who contr= ols DNS for it?

Right now I think Sirius still own= s DNS for bitcoin.org which is nonsense.= He needs to pass it on to someone who is actually still involved with the = project. Again, the most obvious neutral candidate would be the Foundation.=

So I think it's a good idea but there's a fair = amount of work here. The primary upside I see is that it opens the potentia= l for adding interactive/server-side code in future if we decide that would= be useful.



On Sun, Dec 8, 2013 at 8:25 PM, Gregory Maxwell &= lt;gmaxwell@gmail.c= om> wrote:
On Sun, Dec 8, 2013 at 11:= 16 AM, Drak <drak@zikula.org> = wrote:
> BGP redirection is a reality and can be exploited without much

You're managing to argue against SSL. Because it actually provide= s
basically protection against an attacker who can actively intercept
traffic to the server. Against that threat model SSL is clearly=E2=80=94 ba= sed
on your comments=E2=80=94 providing a false sense of security.

We _do_ have protection that protect against that=E2=80=94 the pgp signatur= e,
but they are far from a solution since people do not check that.

(I'm not suggesting we shouldn't have it, I'm suggesting you st= op
arguing SSL provides protection it doesn't before you manage to change<= br> my mind!)

---------------------------------------------------------------------------= ---
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D111408631&iu=3D/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--001a11c2a12041b27d04ed0bb96d--