Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Vpjqd-0007rT-1o for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 19:16:59 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of zikula.org designates 74.125.82.169 as permitted sender) client-ip=74.125.82.169; envelope-from=drak@zikula.org; helo=mail-we0-f169.google.com; Received: from mail-we0-f169.google.com ([74.125.82.169]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Vpjqb-00036U-Lr for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 19:16:58 +0000 Received: by mail-we0-f169.google.com with SMTP id w61so2635682wes.0 for ; Sun, 08 Dec 2013 11:16:51 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=u1REQH8xnPdiv9nnP2Raoar2G+4y8hBrAPj24TJ0LTc=; b=j2fjlkis3VkMxtSIcxycaR0ZoimK/bjXao1Y0NH/PYMgGwnTgZbqSeoOK09LvUrbgX LhopDttG9yQeWdLtxSSpsQSnt3g3tzLwMJLFeXS5ZESum0IeErbx51/ERluOqb845YTn OUrpX5x9YUhUGmatw7FoGGZoY6bxFEtLG5POfWlDxGWMheXjuBOMOwa5vYQUp+QbQ0mi IPkO1VJXnZvK0vROSZDKUdolFIz1MX6CH9v5q+TaMMwVYw+cjWPek9qjehSqgSwl/DIA K2v11LBgdAxsms0nMtErYMm39KQ+3Y2NPL5KB3TyQ3j7CJBaXlgS5EEHJfMOYY2TYLR3 bSiw== X-Gm-Message-State: ALoCoQnhotx5VkBnu/siVd3JtVdyv7vG5Z5DZj/31GPdhDSihRk9EUofnO3bLWg7O2Op2jc5MFeZ X-Received: by 10.194.236.199 with SMTP id uw7mr2739481wjc.63.1386530211418; Sun, 08 Dec 2013 11:16:51 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.93.105 with HTTP; Sun, 8 Dec 2013 11:16:31 -0800 (PST) In-Reply-To: <201312081237.24473.luke@dashjr.org> References: <52A3C8A5.7010606@gmail.com> <1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net> <52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org> From: Drak Date: Sun, 8 Dec 2013 19:16:31 +0000 Message-ID: To: Luke-Jr Content-Type: multipart/alternative; boundary=089e01493e44b8f1f504ed0ab856 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: dashjr.org] 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1Vpjqb-00036U-Lr Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Dec 2013 19:16:59 -0000 --089e01493e44b8f1f504ed0ab856 Content-Type: text/plain; charset=UTF-8 On 8 December 2013 12:37, Luke-Jr wrote: > Encryption is useless here. We want everyone to be able to download Bitcoin > clients. Binaries on sourceforge are signed by multiple parties using > gitian. > > > Decentralization: > > So long as we actually use DNS, the website is centralized :( However, > > its content isn't (can be forked on GitHub), but regarding the domain > > name, there is not much we can do against this AFAIK. > > So long as someone has root (or a user that can modify it), the website is > centralised. To really solve this, we would need a dedicated server that > accepts commands only when signed by N-of-M parties, inside a cage locked > by > padlocks with keys held by independent parties, with a SSL certificate > issued > by an authority that has multiple parties watch it every step of the way > into > that server. Malicious actors with root access to the server is another issue entirely. Sure it's a problem, but it is not an argument not to have a properly signed SSL certificate. With out one, the exploit can be performed on routers to redirect traffic through a third party alter the content of the site (like the links on bitcoin.org to various wallet projects) and then onto the correct destination. SSL at least mitigates that. For example it would be trivial to impersonate Electrum's site or whatever, "change" the link on the fly that appears on the trusted source bitcoin.org via BGP redirection. Now users will be directed to the scammers site which could be identical except for domain name and of course malicious binaries. BGP redirection is a reality and can be exploited without much expense/effort. MITM is a real world threat, not some theoretical possibility - reports show it's happening on an unprecedented scale. SSL is essential - that's a no-brainer. Sure other measures are important, but without SSL there is almost no point to any of the other options. SSL is so considered so important that the *HTTP 2.0 spec might be SSL only*according to recent discussions at the W3C ( http://lists.w3.org/Archives/Public/ietf-http-wg/2013OctDec/0625.html). Drak --089e01493e44b8f1f504ed0ab856 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On 8= December 2013 12:37, Luke-Jr <luke@dashjr.org> wrote:
Encryption is useless here. We wan= t everyone to be able to download Bitcoin
clients. Binaries on sourceforge are signed by multiple parties using gitia= n.

> Decentralization:
> So long as we actually use DNS, the website is centralized :( However,=
> its content isn't (can be forked on GitHub), but regarding the dom= ain
> name, there is not much we can do against this AFAIK.

So long as someone has root (or a user that can modify it), the websi= te is
centralised. To really solve this, we would need a dedicated server that accepts commands only when signed by N-of-M parties, inside a cage locked b= y
padlocks with keys held by independent parties, with a SSL certificate issu= ed
by an authority that has multiple parties watch it every step of the way in= to
that server.

Malicious actors with root acc= ess to the server is another issue entirely. Sure it's a problem, but i= t is not an argument not to have a properly signed SSL certificate.

With out one, the exploit can be performed on routers t= o redirect traffic through a third party alter the content of the site (lik= e the links on bitcoin.org= to various wallet projects) and then onto the correct destination. SSL= at least mitigates that. For example it would be trivial to impersonate El= ectrum's site or whatever, "change" the link on the fly that = appears on the trusted source bitcoin.org via BGP redirection. Now users will be directed to the = scammers site which could be identical except for domain name and of course= malicious binaries.=C2=A0

BGP redirection is a reality and can be exploited witho= ut much expense/effort. MITM is a real world threat, not some theoretical p= ossibility - reports show it's happening on an unprecedented scale. SSL= is essential - that's a no-brainer. Sure other measures are important,= but without SSL there is almost no point to any of the other options.

SSL is so considered so important that the HTTP 2.0 = spec might be SSL only according to recent discussions at the W3C (http://lists.w3.org/Archives/Public/ietf-http-wg/2013OctDec/0625.html).

Drak
=C2=A0
--089e01493e44b8f1f504ed0ab856--