summaryrefslogtreecommitdiff
path: root/1e/7ad0de4a58d5546808acb52ce65cfd053e77a3
blob: 668f3d8ebdef6ad883c3cad3f8a67d777b1a0d4f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <gmaxwell@gmail.com>) id 1Vplgh-0004bN-R2
	for bitcoin-development@lists.sourceforge.net;
	Sun, 08 Dec 2013 21:14:51 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.160.41 as permitted sender)
	client-ip=209.85.160.41; envelope-from=gmaxwell@gmail.com;
	helo=mail-pb0-f41.google.com; 
Received: from mail-pb0-f41.google.com ([209.85.160.41])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1Vplgg-0000lX-2o
	for bitcoin-development@lists.sourceforge.net;
	Sun, 08 Dec 2013 21:14:51 +0000
Received: by mail-pb0-f41.google.com with SMTP id jt11so4129209pbb.14
	for <bitcoin-development@lists.sourceforge.net>;
	Sun, 08 Dec 2013 13:14:44 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.68.232.3 with SMTP id tk3mr16914952pbc.121.1386537284150;
	Sun, 08 Dec 2013 13:14:44 -0800 (PST)
Received: by 10.70.81.170 with HTTP; Sun, 8 Dec 2013 13:14:44 -0800 (PST)
In-Reply-To: <CANAnSg28awKbAGQS7-kNmenbU00XVB1gpN4c0A3dhGxaH4sxWw@mail.gmail.com>
References: <52A3C8A5.7010606@gmail.com>
	<1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net>
	<52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org>
	<CANAnSg2OrmQAcZ+cZdtQeADicH3U29QOgYPfP1AQhOMP6+P1wg@mail.gmail.com>
	<CAAS2fgR0khyJxmz9c2Oc87hOFgiNuiPJuaeugGajdo_EcKEW9w@mail.gmail.com>
	<CANAnSg2tep2VURmudfNModuJAryw8hfOj8Z8idVbt37keiZ8Lg@mail.gmail.com>
	<CAAS2fgT=0m=0-C+MNotUy6nqwcR-Y+YTNYrS8DZptMo5vCMRnA@mail.gmail.com>
	<CANAnSg28awKbAGQS7-kNmenbU00XVB1gpN4c0A3dhGxaH4sxWw@mail.gmail.com>
Date: Sun, 8 Dec 2013 13:14:44 -0800
Message-ID: <CAAS2fgQ=b2e-hFwZiVDPTs2hnPLuQBh0Lx31Q9xGNPG8+2fH-g@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Drak <drak@zikula.org>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
	See
	http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
	for more information. [URIs: zikula.org]
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(gmaxwell[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Vplgg-0000lX-2o
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org,
	your thoughts?
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 08 Dec 2013 21:14:52 -0000

On Sun, Dec 8, 2013 at 1:07 PM, Drak <drak@zikula.org> wrote:
> Simple verification relies on being able to answer the email sent to the
> person in the whois records, or standard admin/webmaster@ addresses to prove
> ownership of the domain

Godaddy and many other CA's are verified from nothing other than a
http fetch, no email involved.

As I said, I'm willing to demonstrate if you have a domain.

> You cannot MITM SSL connections

You can, once you've obtained a certificate.

> Anyway, I take your points, but this is an area I am quite passionate about
> so it's important for me to be clear.

As I warned before, you're making my reconsider my position about the
downloads being SSL. If people are so convinced that SSL provides
protection it does not that even with an explanation and and an offer
to demonstrate then perhaps providing SSL will reduce people's
security.

... the _only_ reason I don't yet hold that position now is that I
know objectively that almost no one tests the signatures.

On Sun, Dec 8, 2013 at 1:11 PM, Drak <drak@zikula.org> wrote:
> It's not just about trust, there is the robustness factor: what if he
> becomes sick, unavailable, hit by a bus? Others need the ability to pickup
> and run with it. The control over the domain (including ability to renew
> registration, alter nameservers) needs to be with more than one person.
> That's why I suggest using the same people who have control over the
> software project at sf,github.

My understanding is that the domain is already controlled by more than
one person. You're not the first person to think of these things. :)