public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Adam Back <adam@cypherspace.org>
To: Gregory Maxwell <gmaxwell@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts?
Date: Thu, 12 Dec 2013 21:51:06 +0100	[thread overview]
Message-ID: <20131212205106.GA4572@netbook.cypherspace.org> (raw)
In-Reply-To: <CAAS2fgR0khyJxmz9c2Oc87hOFgiNuiPJuaeugGajdo_EcKEW9w@mail.gmail.com>

I think the one thing that SSL does provide is some protection against ARP
or DNS poisoning to trick the user into downloading from a different site.

The PGP WoT surrounding bitcoin or OS related ISOs be weak - I am not sure
if I could even check it directly myself despite spending a few hours
tracking down keys and checking fingerprints of biz cards of core devs I met
in person, then that is a relevant point.

Adam

On Sun, Dec 08, 2013 at 11:25:24AM -0800, Gregory Maxwell wrote:
>On Sun, Dec 8, 2013 at 11:16 AM, Drak <drak@zikula.org> wrote:
>> BGP redirection is a reality and can be exploited without much
>
>You're managing to argue against SSL. Because it actually provides
>basically protection against an attacker who can actively intercept
>traffic to the server. Against that threat model SSL is clearly— based
>on your comments— providing a false sense of security.
>
>We _do_ have protection that protect against that— the pgp signature,
>but they are far from a solution since people do not check that.
>
>(I'm not suggesting we shouldn't have it, I'm suggesting you stop
>arguing SSL provides protection it doesn't before you manage to change
>my mind!)
>
>------------------------------------------------------------------------------
>Sponsored by Intel(R) XDK
>Develop, test and display web and hybrid apps with a single code base.
>Download it for free now!
>http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
>_______________________________________________
>Bitcoin-development mailing list
>Bitcoin-development@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development



  parent reply	other threads:[~2013-12-12 21:02 UTC|newest]

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-08  1:17 [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts? Saïvann Carignan
2013-12-08  3:38 ` Odinn Cyberguerrilla
2013-12-08  9:03   ` Saïvann Carignan
2013-12-08 12:37     ` Luke-Jr
2013-12-08 19:16       ` Drak
2013-12-08 19:25         ` Gregory Maxwell
2013-12-08 20:28           ` Mike Hearn
2013-12-08 20:40             ` Gregory Maxwell
2013-12-08 20:51               ` Drak
2013-12-08 21:01                 ` Luke-Jr
2013-12-08 21:11                   ` Drak
2013-12-08 23:51                     ` theymos
2013-12-09  0:06                       ` Taylor Gerring
2013-12-09  6:29                       ` Jeremy Spilman
2013-12-09 10:54                       ` Roy Badami
2013-12-10  9:18                       ` Odinn Cyberguerrilla
2013-12-08 21:09                 ` Gregory Maxwell
2013-12-08 21:16             ` Saïvann Carignan
2013-12-08 21:58               ` Roy Badami
2013-12-08 23:03                 ` Mike Hearn
2013-12-09  5:32                   ` Jeff Garzik
2013-12-08 22:44               ` Gavin Andresen
2013-12-08 23:48                 ` Saïvann Carignan
2013-12-08 23:18               ` Luke-Jr
2013-12-08 23:29               ` Patrick
2013-12-08 21:46             ` Mark Friedenbach
2013-12-08 20:40           ` Drak
2013-12-08 20:50             ` Gregory Maxwell
2013-12-08 21:07               ` Drak
2013-12-08 21:14                 ` Gregory Maxwell
2013-12-08 22:27                   ` Robert McKay
2013-12-12 20:51           ` Adam Back [this message]
2013-12-31 13:39             ` Drak
2013-12-31 13:48               ` Gregory Maxwell
2013-12-31 13:59                 ` Mike Hearn
2013-12-31 14:18                   ` Gregory Maxwell
2013-12-31 14:23                     ` Mike Hearn
2013-12-31 21:25                       ` Jeremy Spilman
2013-12-31 21:33                         ` Matt Corallo
2014-01-01 10:02                           ` Jeremy Spilman
2014-01-01 11:37                             ` Wladimir
2014-01-01 15:10                         ` Mike Hearn
2014-01-01 22:15                       ` Mike Hearn
2014-01-02 19:49                   ` Jorge Timón
2013-12-31 14:05                 ` Benjamin Cordes
2014-01-03  5:45                 ` Troy Benjegerdes
2014-01-03  9:59                   ` Drak
2014-01-03 11:22                     ` Tier Nolan
2014-01-03 13:09                       ` Adam Back
2014-01-03 17:38                     ` Troy Benjegerdes
2014-01-03 18:21                       ` Jorge Timón
2014-01-04  1:43                         ` Troy Benjegerdes
2013-12-08 10:00   ` Drak
2013-12-08 12:39     ` Luke-Jr
2013-12-08 16:51     ` Gregory Maxwell
2013-12-08 16:08 ` Wladimir

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131212205106.GA4572@netbook.cypherspace.org \
    --to=adam@cypherspace.org \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=gmaxwell@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox