Adam Back [ARCHIVE] on Nostr: đź“… Original date posted:2013-12-12 đź“ť Original message:I think the one thing that ...
đź“… Original date posted:2013-12-12
đź“ť Original message:I think the one thing that SSL does provide is some protection against ARP
or DNS poisoning to trick the user into downloading from a different site.
The PGP WoT surrounding bitcoin or OS related ISOs be weak - I am not sure
if I could even check it directly myself despite spending a few hours
tracking down keys and checking fingerprints of biz cards of core devs I met
in person, then that is a relevant point.
Adam
On Sun, Dec 08, 2013 at 11:25:24AM -0800, Gregory Maxwell wrote:
>On Sun, Dec 8, 2013 at 11:16 AM, Drak <drak at zikula.org> wrote:
>> BGP redirection is a reality and can be exploited without much
>
>You're managing to argue against SSL. Because it actually provides
>basically protection against an attacker who can actively intercept
>traffic to the server. Against that threat model SSL is clearly— based
>on your comments— providing a false sense of security.
>
>We _do_ have protection that protect against that— the pgp signature,
>but they are far from a solution since people do not check that.
>
>(I'm not suggesting we shouldn't have it, I'm suggesting you stop
>arguing SSL provides protection it doesn't before you manage to change
>my mind!)
>
>------------------------------------------------------------------------------
>Sponsored by Intel(R) XDK
>Develop, test and display web and hybrid apps with a single code base.
>Download it for free now!
>http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
>_______________________________________________
>Bitcoin-development mailing list
>Bitcoin-development at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development
đź“ť Original message:I think the one thing that SSL does provide is some protection against ARP
or DNS poisoning to trick the user into downloading from a different site.
The PGP WoT surrounding bitcoin or OS related ISOs be weak - I am not sure
if I could even check it directly myself despite spending a few hours
tracking down keys and checking fingerprints of biz cards of core devs I met
in person, then that is a relevant point.
Adam
On Sun, Dec 08, 2013 at 11:25:24AM -0800, Gregory Maxwell wrote:
>On Sun, Dec 8, 2013 at 11:16 AM, Drak <drak at zikula.org> wrote:
>> BGP redirection is a reality and can be exploited without much
>
>You're managing to argue against SSL. Because it actually provides
>basically protection against an attacker who can actively intercept
>traffic to the server. Against that threat model SSL is clearly— based
>on your comments— providing a false sense of security.
>
>We _do_ have protection that protect against that— the pgp signature,
>but they are far from a solution since people do not check that.
>
>(I'm not suggesting we shouldn't have it, I'm suggesting you stop
>arguing SSL provides protection it doesn't before you manage to change
>my mind!)
>
>------------------------------------------------------------------------------
>Sponsored by Intel(R) XDK
>Develop, test and display web and hybrid apps with a single code base.
>Download it for free now!
>http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
>_______________________________________________
>Bitcoin-development mailing list
>Bitcoin-development at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development