Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VplJD-0003kL-Pi for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 20:50:35 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.192.175 as permitted sender) client-ip=209.85.192.175; envelope-from=gmaxwell@gmail.com; helo=mail-pd0-f175.google.com; Received: from mail-pd0-f175.google.com ([209.85.192.175]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1VplJD-00085E-48 for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 20:50:35 +0000 Received: by mail-pd0-f175.google.com with SMTP id w10so3955408pde.34 for ; Sun, 08 Dec 2013 12:50:29 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.68.52.202 with SMTP id v10mr4143712pbo.118.1386535829214; Sun, 08 Dec 2013 12:50:29 -0800 (PST) Received: by 10.70.81.170 with HTTP; Sun, 8 Dec 2013 12:50:29 -0800 (PST) In-Reply-To: References: <52A3C8A5.7010606@gmail.com> <1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net> <52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org> Date: Sun, 8 Dec 2013 12:50:29 -0800 Message-ID: From: Gregory Maxwell To: Drak Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [209.85.192.175 listed in list.dnswl.org] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: zikula.org] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1VplJD-00085E-48 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Dec 2013 20:50:35 -0000 On Sun, Dec 8, 2013 at 12:40 PM, Drak wrote: > Let me clarify. SSL renders BGP redirection useless because the browser > holds the signatures of CA's it trusts: an attacker cannot spoof a > certificate because it needs to be signed by a trusted CA: that's the poi= nt > of SSL, it encrypts and proves identity, the latter part is what thwarts > MITM. If there was an MITM the browser screams pretty loudly about it wit= h a > big threat warning interstitial. Sadly this isn't true: There are (many) CAs which will issue a certificate (apparently sometime within minutes, though last certificate I obtained took a couple hours total) to anyone who can respond to http (not https) requests on behalf of the domain from the perspective of the CA. This means you can MITM the site, pass all traffic through except the HTTP request from the CA, and start intercepting once the CA has signed your certificate. This works because the CA does nothing to verify identity except check that the requester can control the site. If you'd like to me to demonstrate this attack for you I'd be willing=E2=80= =94 I can provide a proxy that passes on :80 and :443, run your traffic through it and I'll get a cert with your domain name. I'm sorry for the tangent here=E2=80=94 I think this sub-discussion is real= ly unrelated to having Bitcoin.org behind SSL=E2=80=94 but "someone is wrong o= n the internet", and its important to know that SSL hardly does anything to reduce the need to check the offline signatures on the binaries.