From: Drak <drak@zikula.org>
Date: Fri, 3 Jan 2014 09:59:15 +0000
Message-ID: <CANAnSg0esEMQ+G=9F2zK6okcewT6NdYBFnXHmyHz8VR4AAp0nw@mail.gmail.com>
To: Troy Benjegerdes <hozer@hozed.org>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org,
your thoughts?

On 3 January 2014 05:45, Troy Benjegerdes <hozer@hozed.org> wrote:
> On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote:
> > On Tue, Dec 31, 2013 at 5:39 AM, Drak <drak@zikula.org> wrote:
> > > The NSA has the ability, right now to change every download of bitcoin-qt,
> > > on the fly and the only cure is encryption.
>
> No, the only cure is to check the hashes. We should know something
> about hashes here. TLS is a big pile of 'too big to audit'. Spend
> a couple of satoshis and put the hash of the source tar.gz and the
> binaries in the blockchain. Problem solved.

Which is why, as pointed out several times at 30c3 by several renowned
figures, cryptography has remained squarely outside of mainstream use.
It needs to just work, and until you can trust the connection and what the
end point sends you, automatically, it's a big fail and the attack vectors
are many.

<sarcasm>I can just see my mother or grandma manually checking the hash of
a download... </sarcasm>

Drak