Troy Benjegerdes [ARCHIVE] on Nostr
📅 Original date posted:2014-01-03
📝 Original message:

On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote:
> On Tue, Dec 31, 2013 at 5:39 AM, Drak <drak at zikula.org> wrote:
> > The NSA has the ability, right now to change every download of bitcoin-qt,
> > on the fly and the only cure is encryption.

No, the only cure is to check the hashes. We should know something
about hashes here. TLS is a big pile of 'too big to audit'. Spend
a couple of satoshis and put the hash of the source tar.gz and the
binaries in the blockchain. Problem solved.

<snipped>

> The downloads are protected by something far stronger than SSL
> already, which might even have a chance against the NSA. Actual
> signatures of the downloads with offline keys.
>
> I'm all pro-SSL and all that, but you are— piece by piece— really
> convincing me that it produces an entirely false sense of security
> which is entirely unjustified.

I used to think encryption was important, and this exchange convinced
me that kerberized telnet with no encryption but with integrity
checking would be far more secure than 'secure' shell.

Also, there's some organization that's inserting malicious memes
that try to get me to buy shit below my signature. How about we
move the mailing list? I've run mailman servers before, and there's
also http://savannah.gnu.org/maintenance/WhyChooseSavannah/

-- Troy (da hozer)