1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <hozer@grid.coop>) id 1VyxZU-00077N-CE
for bitcoin-development@lists.sourceforge.net;
Fri, 03 Jan 2014 05:45:24 +0000
X-ACL-Warn:
Received: from nl.grid.coop ([50.7.166.116])
by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1VyxZT-00059C-6k for bitcoin-development@lists.sourceforge.net;
Fri, 03 Jan 2014 05:45:24 +0000
Received: from localhost (localhost [127.0.0.1]) (uid 1000)
by nl.grid.coop with local; Thu, 02 Jan 2014 23:45:15 -0600
id 000000000006E26B.0000000052C64E6B.00005C6F
Date: Thu, 2 Jan 2014 23:45:15 -0600
From: Troy Benjegerdes <hozer@hozed.org>
To: Gregory Maxwell <gmaxwell@gmail.com>
Message-ID: <20140103054515.GL3180@nl.grid.coop>
References: <52A3C8A5.7010606@gmail.com>
<1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net>
<52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org>
<CANAnSg2OrmQAcZ+cZdtQeADicH3U29QOgYPfP1AQhOMP6+P1wg@mail.gmail.com>
<CAAS2fgR0khyJxmz9c2Oc87hOFgiNuiPJuaeugGajdo_EcKEW9w@mail.gmail.com>
<20131212205106.GA4572@netbook.cypherspace.org>
<CANAnSg3nPhrk2k=yDKf39AuBQnSuTWJbgANdMhGe=soiOy0NTw@mail.gmail.com>
<CAAS2fgTmWRMxYweu3sNn_X7grgjUqTQujM-DbZRxG_YMZnD=7g@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
In-Reply-To: <CAAS2fgTmWRMxYweu3sNn_X7grgjUqTQujM-DbZRxG_YMZnD=7g@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Mime-Autoconverted: from 8bit to quoted-printable by courier 0.68.2
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-0.5 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
X-Headers-End: 1VyxZT-00059C-6k
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org,
your thoughts?
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 03 Jan 2014 05:45:24 -0000
On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote:
> On Tue, Dec 31, 2013 at 5:39 AM, Drak <drak@zikula.org> wrote:
> > The NSA has the ability, right now to change every download of bitcoi=
n-qt,
> > on the fly and the only cure is encryption.
No, the only cure is the check the hashes. We should know something
about hashes here. TLS is a big pile of 'too big to audit'. Spend
a couple of satoshis and put the hash of the source tar.gz and the
binaries in the blockchain. Problem solved.
<snipped>
> The downloads are protected by something far stronger than SSL
> already, which might even have a chance against the NSA. Actual
> signatures of the downloads with offline keys.
>=20
> I'm all pro-SSL and all that, but you are=E2=80=94 piece by piece=E2=80=
=94 really
> convincing me that it produces an entirely false sense of security
> which is entirely unjustified.
I used to think encryption was important, and this exchange convinced
me that kerberized telnet with no encryption but with integrity
checking would be far more secure than 'secure' shell.
Also, there's some organization that's inserting malicious memes
that try to get me to buy shit below my signature. How about we=20
move the mailing list? I've run mailman servers before, and there's
also http://savannah.gnu.org/maintenance/WhyChooseSavannah/
-- Troy (da hozer)
|
