Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Vz1Xd-0002VH-9k for bitcoin-development@lists.sourceforge.net; Fri, 03 Jan 2014 09:59:45 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of zikula.org designates 74.125.82.177 as permitted sender) client-ip=74.125.82.177; envelope-from=drak@zikula.org; helo=mail-we0-f177.google.com; Received: from mail-we0-f177.google.com ([74.125.82.177]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Vz1XZ-0002F4-QT for bitcoin-development@lists.sourceforge.net; Fri, 03 Jan 2014 09:59:45 +0000 Received: by mail-we0-f177.google.com with SMTP id u56so13399847wes.36 for ; Fri, 03 Jan 2014 01:59:35 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=YTRPnpUCy1Ei2Ailbzp3Sd+F4Ei/tCpOCrpdvjokhW0=; b=KfutfREBShszfkDnWmRoBYpRw/o6OZ3LfP26YiwzDtUc3geltOGf2qqC8c05YDLsl8 mF1/RN3f2nunSY/9+RsINBYaPZCUdinAMGZV/L9Jodj3YmtNJjB6/bV2ljn8ce2dwEK4 U+QlmkwG3fl56Fz737LLJEL/LDkSIb6Mga2WeFdJHZUPDVcElcoXwzp3vwHydovRBAMM 6n/v6dZzY59jxByLb+87B5jwOnunYAQ7C3X4hRZ6KM3EMoCvXgDYTTmo4mgKGUeXkDnx aNGhQZ65loYCBDJOEk98e2d+AVIwuQz8t3WRgLGwvzt/9tKR3elEEowa8Uphmffb9pOB Fpsw== X-Gm-Message-State: ALoCoQmKEckZmPEoBZXcbvZGKXaT7QrlNI+M7u1VRxNUlEdEnK41/iWS0Nforo8aXjvXpCVRjHJn X-Received: by 10.180.160.166 with SMTP id xl6mr1140205wib.43.1388743175541; Fri, 03 Jan 2014 01:59:35 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.30.8 with HTTP; Fri, 3 Jan 2014 01:59:15 -0800 (PST) In-Reply-To: <20140103054515.GL3180@nl.grid.coop> References: <52A3C8A5.7010606@gmail.com> <1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net> <52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org> <20131212205106.GA4572@netbook.cypherspace.org> <20140103054515.GL3180@nl.grid.coop> From: Drak Date: Fri, 3 Jan 2014 09:59:15 +0000 Message-ID: To: Troy Benjegerdes Content-Type: multipart/alternative; boundary=047d7b66f9cba9aa3204ef0df7eb X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1Vz1XZ-0002F4-QT Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jan 2014 09:59:45 -0000 --047d7b66f9cba9aa3204ef0df7eb Content-Type: text/plain; charset=UTF-8 On 3 January 2014 05:45, Troy Benjegerdes wrote: > On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote: > > On Tue, Dec 31, 2013 at 5:39 AM, Drak wrote: > > > The NSA has the ability, right now to change every download of > bitcoin-qt, > > > on the fly and the only cure is encryption. > > No, the only cure is the check the hashes. We should know something > about hashes here. TLS is a big pile of 'too big to audit'. Spend > a couple of satoshis and put the hash of the source tar.gz and the > binaries in the blockchain. Problem solved. Which is why, as pointed out several times at 30c3 by several renowned figures, why cryptography has remained squarely outside of mainstream use. It needs to just work and until you can trust the connection and what the end point sends you, automatically, it's a big fail and the attack vectors are many. I can just see my mother or grandma manually checking the hash of a download... Drak --047d7b66f9cba9aa3204ef0df7eb Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On 3= January 2014 05:45, Troy Benjegerdes <hozer@hozed.org> wrote:=
On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote:
> On Tue, Dec 31, 2013 at 5:39 AM, Drak <drak@zikula.org> wrote:
> > The NSA has the ability, right now to change every download of bi= tcoin-qt,
> > on the fly and the only cure is encryption.

No, the only cure is the check the hashes. We should know something
about hashes here. TLS is a big pile of 'too big to audit'. Spend a couple of satoshis and put the hash of the source tar.gz and the
binaries in the blockchain. Problem solved.

Which is why, as pointed out several times at 30c3 by several renowned fig= ures, why cryptography has remained squarely outside of mainstream use. It = needs to just work and until you can trust the connection and what the end = point sends you, automatically, it's a big fail and the attack vectors = are many.=C2=A0

<sarcasm>I can just see my mother or grandma manu= ally checking the hash of a download... </sarcasm>

Drak


--047d7b66f9cba9aa3204ef0df7eb--