Date: Fri, 3 Jan 2014 11:22:35 +0000
From: Tier Nolan <tier.nolan@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org,
	your thoughts?

On Fri, Jan 3, 2014 at 9:59 AM, Drak <drak@zikula.org> wrote:

> Which is why, as pointed out several times at 30c3 by several renowned
> figures, why cryptography has remained squarely outside of mainstream use.
> It needs to just work and until you can trust the connection and what the
> end point sends you, automatically, it's a big fail and the attack vectors
> are many.
>
> <sarcasm>I can just see my mother or grandma manually checking the hash of
> a download... </sarcasm>
>

Maybe a simple compromise would be to add a secure downloader to the
bitcoin client.

The download link could point to a meta-data file that has info on the
download.

file_url=
hash_url=
sig_url=
message=This is version x.y.z of the bitcoin client

It still suffers from the root CA problem though.  The bitcoin client would
accept Gavin's signature or a "core team" signature.

At least it would provide forward security.

It could also be used to download files for different projects, with
explicit warnings that you are adding a new trusted key.

When you try to download, you would be given a window

Project: Some Alternative Wallet
Signed by: P. Lead
Message:

Confirm download Yes No

However, even if you do that, each trusted key is only linked to a
particular project.

It would say if the project and/or leader is unknown.
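
The flow proposed in this message, as an added Python sketch that is not part of the original post or of the Bitcoin client: parse the metadata file, check the download against its hash, then accept the signature only from a key pinned to the project being downloaded. Assumptions: the signature covers the message plus the hash, the trust store is a per-project dictionary, the URLs, signer name and file bytes are constructed placeholders, and a toy textbook-RSA key stands in for a real signature scheme.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes: constructed sample data,
# NOT secure. It stands in for a real signature scheme (e.g. OpenPGP).
N, E = (2**127 - 1) * (2**521 - 1), 65537
D = pow(E, -1, (2**127 - 2) * (2**521 - 2))  # private exponent, signer side only

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes) -> str:                # used only to build the sample below
    return format(pow(_digest(data), D, N), "x")

def verify(pub, data: bytes, sig_hex: str) -> bool:
    return pow(int(sig_hex, 16), pub[1], pub[0]) == _digest(data)

def parse_meta(text: str) -> dict:
    """Parse the key=value metadata file described in the post."""
    meta = dict(l.split("=", 1) for l in text.splitlines() if "=" in l)
    missing = {"file_url", "hash_url", "sig_url", "message"} - meta.keys()
    if missing:
        raise ValueError(f"metadata lacks {sorted(missing)}")
    return meta

def check_download(meta_text, fetch, project, trust_store):
    """Return the fields of the confirmation window, or a rejection."""
    meta = parse_meta(meta_text)
    blob = fetch[meta["file_url"]]
    want = fetch[meta["hash_url"]].decode().strip()
    if hashlib.sha256(blob).hexdigest() != want:
        return {"status": "reject: hash mismatch"}
    # Assumption: the signature covers the message and the hash together.
    signed = f"{meta['message']}\n{want}".encode()
    keys = trust_store.get(project)          # keys are pinned per project
    if keys is None:
        return {"status": "unknown project", "project": project}
    for signer, pub in keys.items():
        if verify(pub, signed, fetch[meta["sig_url"]].decode()):
            return {"status": "ok", "project": project,
                    "signed_by": signer, "message": meta["message"]}
    return {"status": "reject: not signed by a key trusted for this project"}

# Constructed sample: URLs, file bytes and signer name are placeholders.
MSG = "This is version x.y.z of the bitcoin client"
BLOB = b"constructed installer bytes"
HASH = hashlib.sha256(BLOB).hexdigest()
META = f"file_url=f\nhash_url=h\nsig_url=s\nmessage={MSG}\n"
FETCH = {"f": BLOB, "h": HASH.encode(), "s": sign(f"{MSG}\n{HASH}".encode()).encode()}
STORE = {"bitcoin": {"core team": (N, E)}, "Some Alternative Wallet": {}}
```

A key pinned under one project is never consulted for another, so the same signed release is rejected when requested as "Some Alternative Wallet".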
