Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VpmcL-0008AR-9r for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 22:14:25 +0000 Received: from mail-wg0-f41.google.com ([74.125.82.41]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1VpmcJ-0006N1-D0 for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 22:14:25 +0000 Received: by mail-wg0-f41.google.com with SMTP id y10so2703180wgg.2 for ; Sun, 08 Dec 2013 14:14:17 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=NuEZb5tbg5+pvriIiEQqzjTrZhNFCdbDN0WwLhKORUQ=; b=RX848CZu9usAV9PEmzlKwLrDgfBsPVTtOfFqj8U5SH/9jBTn0KANKLnP9p49GNTQes xgljhCN8M61XUa39elav0XtoT9zh35/Mjk6y/gqKMbW1AhuuDK3GB7iA7nIcapjYsAop +xn95daiycSKmkU3hJeG9p+HnHjz7qXSTTifjmvsOgd+oNpsB7qhOMxUIS/QkhsCb3Qa 8zb4F77Xkm78xiaDzPblGWv65uUcwEpj7+sURP5+w3zeUcAV6gPr/s5TSyZRvKREcZtU rFgnOB2Z9uNcLRvhL3DIWeWDp5Bz0hqDkO2ugVci1axgCPrfVeWrhP9ssfsCBorxgvkf e7Jg== X-Gm-Message-State: ALoCoQksnMU3Bq3Ct8FL8n1nMYjNM2ez/FGTLV7myRv61xPMvmmYXcoTIbmODQjHlTGinRP6IQe1 MIME-Version: 1.0 X-Received: by 10.180.211.199 with SMTP id ne7mr9498493wic.6.1386539179092; Sun, 08 Dec 2013 13:46:19 -0800 (PST) Received: by 10.194.60.241 with HTTP; Sun, 8 Dec 2013 13:46:18 -0800 (PST) X-Originating-IP: [70.197.11.57] Received: by 10.194.60.241 with HTTP; Sun, 8 Dec 2013 13:46:18 -0800 (PST) In-Reply-To: References: <52A3C8A5.7010606@gmail.com> <1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net> <52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org> Date: Sun, 8 Dec 2013 13:46:18 -0800 Message-ID: From: Mark Friedenbach To: Mike Hearn Content-Type: multipart/alternative; boundary=001a11c3473a3cbe6d04ed0ccf8a X-Spam-Score: 1.0 (+) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: doubleclick.net] 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1VpmcJ-0006N1-D0 Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Dec 2013 22:14:25 -0000 --001a11c3473a3cbe6d04ed0ccf8a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I too would be against the foundation taking control of hosting or the domain. I have no reason at this time not to trust them, by checks and balances are a good thing. On Dec 8, 2013 12:29 PM, "Mike Hearn" wrote: > Issues that would need to be resolved: > > 1) Who pays for it? Most obvious answer: Foundation. However there's > currently a fairly clear line between the foundation website and the > bitcoin.org website. I personally am fine with the bitcoin foundation > funding the website, it's a lot closer to the bitcoin community than > github. But some people might care. So next step would be to contact the > Foundation board and see if they're willing to fund it. > > 2) Anti-DoS? I assume github handles this at the moment, though I doubt > there's anything to be gained from DoSing the informational website > > 3) Where does the server go? Ideally, a hosting provider that accepts > Bitcoin of course! > > 4) Who admins it? > > 5) Who controls DNS for it? > > Right now I think Sirius still owns DNS for bitcoin.org which is > nonsense. He needs to pass it on to someone who is actually still involve= d > with the project. Again, the most obvious neutral candidate would be the > Foundation. > > So I think it's a good idea but there's a fair amount of work here. The > primary upside I see is that it opens the potential for adding > interactive/server-side code in future if we decide that would be useful. > > > > On Sun, Dec 8, 2013 at 8:25 PM, Gregory Maxwell wrote= : > >> On Sun, Dec 8, 2013 at 11:16 AM, Drak wrote: >> > BGP redirection is a reality and can be exploited without much >> >> You're managing to argue against SSL. Because it actually provides >> basically protection against an attacker who can actively intercept >> traffic to the server. Against that threat model SSL is clearly=E2=80=94= based >> on your comments=E2=80=94 providing a false sense of security. >> >> We _do_ have protection that protect against that=E2=80=94 the pgp signa= ture, >> but they are far from a solution since people do not check that. >> >> (I'm not suggesting we shouldn't have it, I'm suggesting you stop >> arguing SSL provides protection it doesn't before you manage to change >> my mind!) >> >> >> ------------------------------------------------------------------------= ------ >> Sponsored by Intel(R) XDK >> Develop, test and display web and hybrid apps with a single code base. >> Download it for free now! >> >> http://pubads.g.doubleclick.net/gampad/clk?id=3D111408631&iu=3D/4140/ost= g.clktrk >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> > > > > -------------------------------------------------------------------------= ----- > Sponsored by Intel(R) XDK > Develop, test and display web and hybrid apps with a single code base. > Download it for free now! > > http://pubads.g.doubleclick.net/gampad/clk?id=3D111408631&iu=3D/4140/ostg= .clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --001a11c3473a3cbe6d04ed0ccf8a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I too would be against the foundation taking control of host= ing or the domain. I have no reason at this time not to trust them, by chec= ks and balances are a good thing.

On Dec 8, 2013 12:29 PM, "Mike Hearn" = <mike@plan99.net> wrote:
Issues that would need to be resolved:

= 1) Who pays for it? Most obvious answer: Foundation. However there's cu= rrently a fairly clear line between the foundation website and the bitcoin.org website. I person= ally am fine with the bitcoin foundation funding the website, it's a lo= t closer to the bitcoin community than github. But some people might care. = So next step would be to contact the Foundation board and see if they'r= e willing to fund it.

2) Anti-DoS? I assume github handles this at the moment= , though I doubt there's anything to be gained from DoSing the informat= ional website

3) Where does the server go? Ideally= , a hosting provider that accepts Bitcoin of course!

4) Who admins it?

5) Who contr= ols DNS for it?

Right now I think Sirius still own= s DNS for bitcoin.org = which is nonsense. He needs to pass it on to someone who is actually still = involved with the project. Again, the most obvious neutral candidate would = be the Foundation.

So I think it's a good idea but there's a fair = amount of work here. The primary upside I see is that it opens the potentia= l for adding interactive/server-side code in future if we decide that would= be useful.



On Sun, Dec 8, 2013 at 8:25 PM, Gregory Maxwell &= lt;gmaxwell@gmail.c= om> wrote:
On Sun, Dec 8, 2013 at 11:16 AM, Drak &= lt;drak@zikula.org= > wrote:
> BGP redirection is a reality and can be exploited without much

You're managing to argue against SSL. Because it actually provide= s
basically protection against an attacker who can actively intercept
traffic to the server. Against that threat model SSL is clearly=E2=80=94 ba= sed
on your comments=E2=80=94 providing a false sense of security.

We _do_ have protection that protect against that=E2=80=94 the pgp signatur= e,
but they are far from a solution since people do not check that.

(I'm not suggesting we shouldn't have it, I'm suggesting you st= op
arguing SSL provides protection it doesn't before you manage to change<= br> my mind!)

---------------------------------------------------------------------------= ---
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D111408631&iu=3D/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment


-----------------------------------------------------------------------= -------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D111408631&iu=3D/4140/ostg.clktrk
__________________= _____________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--001a11c3473a3cbe6d04ed0ccf8a--