From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Vpl9T-0004UP-Bg for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 20:40:31 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of zikula.org designates 74.125.82.177 as permitted sender) client-ip=74.125.82.177; envelope-from=drak@zikula.org; helo=mail-we0-f177.google.com; Received: from mail-we0-f177.google.com ([74.125.82.177]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Vpl9S-0007Yw-Fn for bitcoin-development@lists.sourceforge.net; Sun, 08 Dec 2013 20:40:31 +0000 Received: by mail-we0-f177.google.com with SMTP id u56so2604793wes.22 for ; Sun, 08 Dec 2013 12:40:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ocaXaCvrJJz2IpNyTdDK4/3IAdqUwSpqORBW+9JGf0Y=; b=YqY5hrlDn6ykpAXfUONR5EdOMERYddnISuRWWvaGQXiSnXn3ME3oeWx0hjB5y4LBaT aaIEwy7uwlw/q2WMxeXSWXlusuPz6pHJ/V3eBWGanwsSMejBKou2gmQm1njUQImSkNs+ ygngqE4tJA4jPjU0qfM0sttYGuqPxzko8FCvpvIgWuC9slKCFw9ve7txpAiFuXpaPqQJ +L4Xdb9le2+qNGgsX3/LVZ21FrOI7d6dNeJ3xrjfS3GR4HGICnxP5j+dtlgviXCQt2Y7 xBfhAJJNOhYGCmeGYYYNO2nH0lAM34JLO0TBFAezO/MhZuxm9AdvkgI/Edu3ijw9f8W5 oy4A== X-Gm-Message-State: ALoCoQkn4xgob92i3dM0yHnbw8NIHIUCSvb3KUeYwNtEgOh8Jt6PquhV6T74YrxrkXdVaUh07S60 X-Received: by 10.194.236.199 with SMTP id uw7mr2947358wjc.63.1386535224250; Sun, 08 Dec 2013 12:40:24 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.93.105 with HTTP; Sun, 8 Dec 2013 12:40:04 -0800 (PST) In-Reply-To: References: <52A3C8A5.7010606@gmail.com> <1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net> <52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org> From: Drak Date: Sun, 8 Dec 2013 20:40:04 +0000 Message-ID: To: Gregory Maxwell Content-Type: multipart/alternative; boundary=089e01493e4482abb804ed0be382 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: zikula.org] 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1Vpl9S-0007Yw-Fn Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Dec 2013 20:40:31 -0000 --089e01493e4482abb804ed0be382 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 8 December 2013 19:25, Gregory Maxwell wrote: > On Sun, Dec 8, 2013 at 11:16 AM, Drak wrote: > > BGP redirection is a reality and can be exploited without much > > You're managing to argue against SSL. Because it actually provides > basically protection against an attacker who can actively intercept > traffic to the server. Against that threat model SSL is clearly=E2=80=94 = based > on your comments=E2=80=94 providing a false sense of security. Let me clarify. SSL renders BGP redirection useless because the browser holds the signatures of CA's it trusts: an attacker cannot spoof a certificate because it needs to be signed by a trusted CA: that's the point of SSL, it encrypts and proves identity, the latter part is what thwarts MITM. If there was an MITM the browser screams pretty loudly about it with a big threat warning interstitial. Regards, Drak --089e01493e4482abb804ed0be382 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On 8= December 2013 19:25, Gregory Maxwell <gmaxwell@gmail.com> = wrote:
On Sun, Dec 8, 2013 at 11:= 16 AM, Drak <drak@zikula.org> = wrote:
> BGP redirection is a reality and can be exploited without much

You're managing to argue against SSL. Because it actually provide= s
basically protection against an attacker who can actively intercept
traffic to the server. Against that threat model SSL is clearly=E2=80=94 ba= sed
on your comments=E2=80=94 providing a false sense of security.
=

Let me clarify. SSL renders BGP redirection useless bec= ause the browser holds the signatures of CA's it trusts: an attacker ca= nnot spoof a certificate because it needs to be signed by a trusted CA: tha= t's the point of SSL, it encrypts and proves identity, the latter part = is what thwarts MITM. If there was an MITM the browser screams pretty loudl= y about it with a big threat warning interstitial.

Regards,

Drak
--089e01493e4482abb804ed0be382--