1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <drak@zikula.org>) id 1Vpl9T-0004UP-Bg
for bitcoin-development@lists.sourceforge.net;
Sun, 08 Dec 2013 20:40:31 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of zikula.org
designates 74.125.82.177 as permitted sender)
client-ip=74.125.82.177; envelope-from=drak@zikula.org;
helo=mail-we0-f177.google.com;
Received: from mail-we0-f177.google.com ([74.125.82.177])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1Vpl9S-0007Yw-Fn
for bitcoin-development@lists.sourceforge.net;
Sun, 08 Dec 2013 20:40:31 +0000
Received: by mail-we0-f177.google.com with SMTP id u56so2604793wes.22
for <bitcoin-development@lists.sourceforge.net>;
Sun, 08 Dec 2013 12:40:24 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc:content-type;
bh=ocaXaCvrJJz2IpNyTdDK4/3IAdqUwSpqORBW+9JGf0Y=;
b=YqY5hrlDn6ykpAXfUONR5EdOMERYddnISuRWWvaGQXiSnXn3ME3oeWx0hjB5y4LBaT
aaIEwy7uwlw/q2WMxeXSWXlusuPz6pHJ/V3eBWGanwsSMejBKou2gmQm1njUQImSkNs+
ygngqE4tJA4jPjU0qfM0sttYGuqPxzko8FCvpvIgWuC9slKCFw9ve7txpAiFuXpaPqQJ
+L4Xdb9le2+qNGgsX3/LVZ21FrOI7d6dNeJ3xrjfS3GR4HGICnxP5j+dtlgviXCQt2Y7
xBfhAJJNOhYGCmeGYYYNO2nH0lAM34JLO0TBFAezO/MhZuxm9AdvkgI/Edu3ijw9f8W5
oy4A==
X-Gm-Message-State: ALoCoQkn4xgob92i3dM0yHnbw8NIHIUCSvb3KUeYwNtEgOh8Jt6PquhV6T74YrxrkXdVaUh07S60
X-Received: by 10.194.236.199 with SMTP id uw7mr2947358wjc.63.1386535224250;
Sun, 08 Dec 2013 12:40:24 -0800 (PST)
MIME-Version: 1.0
Received: by 10.194.93.105 with HTTP; Sun, 8 Dec 2013 12:40:04 -0800 (PST)
In-Reply-To: <CAAS2fgR0khyJxmz9c2Oc87hOFgiNuiPJuaeugGajdo_EcKEW9w@mail.gmail.com>
References: <52A3C8A5.7010606@gmail.com>
<1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net>
<52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org>
<CANAnSg2OrmQAcZ+cZdtQeADicH3U29QOgYPfP1AQhOMP6+P1wg@mail.gmail.com>
<CAAS2fgR0khyJxmz9c2Oc87hOFgiNuiPJuaeugGajdo_EcKEW9w@mail.gmail.com>
From: Drak <drak@zikula.org>
Date: Sun, 8 Dec 2013 20:40:04 +0000
Message-ID: <CANAnSg2tep2VURmudfNModuJAryw8hfOj8Z8idVbt37keiZ8Lg@mail.gmail.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Content-Type: multipart/alternative; boundary=089e01493e4482abb804ed0be382
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: zikula.org]
1.0 HTML_MESSAGE BODY: HTML included in message
X-Headers-End: 1Vpl9S-0007Yw-Fn
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org,
your thoughts?
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 08 Dec 2013 20:40:31 -0000
--089e01493e4482abb804ed0be382
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 8 December 2013 19:25, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> On Sun, Dec 8, 2013 at 11:16 AM, Drak <drak@zikula.org> wrote:
> > BGP redirection is a reality and can be exploited without much
>
> You're managing to argue against SSL. Because it actually provides
> basically protection against an attacker who can actively intercept
> traffic to the server. Against that threat model SSL is clearly=E2=80=94 =
based
> on your comments=E2=80=94 providing a false sense of security.
Let me clarify. SSL renders BGP redirection useless because the browser
holds the signatures of CA's it trusts: an attacker cannot spoof a
certificate because it needs to be signed by a trusted CA: that's the point
of SSL, it encrypts and proves identity, the latter part is what thwarts
MITM. If there was an MITM the browser screams pretty loudly about it with
a big threat warning interstitial.
Regards,
Drak
--089e01493e4482abb804ed0be382
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On 8=
December 2013 19:25, Gregory Maxwell <span dir=3D"ltr"><<a href=3D"mail=
to:gmaxwell@gmail.com" target=3D"_blank">gmaxwell@gmail.com</a>></span> =
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im">On Sun, Dec 8, 2013 at 11:=
16 AM, Drak <<a href=3D"mailto:drak@zikula.org">drak@zikula.org</a>> =
wrote:<br>
> BGP redirection is a reality and can be exploited without much<br>
<br>
</div>You're managing to argue against SSL. Because it actually provide=
s<br>
basically protection against an attacker who can actively intercept<br>
traffic to the server. Against that threat model SSL is clearly=E2=80=94 ba=
sed<br>
on your comments=E2=80=94 providing a false sense of security.</blockquote>=
<div><br></div><div>Let me clarify. SSL renders BGP redirection useless bec=
ause the browser holds the signatures of CA's it trusts: an attacker ca=
nnot spoof a certificate because it needs to be signed by a trusted CA: tha=
t's the point of SSL, it encrypts and proves identity, the latter part =
is what thwarts MITM. If there was an MITM the browser screams pretty loudl=
y about it with a big threat warning interstitial.</div>
<div><br></div><div>Regards,</div><div><br></div><div>Drak</div></div></div=
></div>
--089e01493e4482abb804ed0be382--
|
