Mike Hearn [ARCHIVE] on Nostr
📅 Original date posted:2013-12-31
📝 Original message:
> The site was actually moved onto a dedicated server temporarily and it
> melted down under the load. I wouldn't call that no progress.

Oh, it did? When was that? I must have missed this excitement :)
Any idea how much load it had?

> Perhaps I wasn't clear on the point I was making. Drak's threat model
> is not improved in the slightest by SSL. It would be improved by
> increasing the use of signature checking, e.g. by making it easier.

Well, that depends. If you watch Appelbaum's talk he is pushing TLS pretty
hard, and saying that based on the access to the source docs some of their
MITM attacks can't beat TLS. It appears that they have the capability to do
bulk MITM and rewrite of downloads as Drak says but *not* when TLS is
present; that would force more targeted attacks. So to me that implies that
TLS does raise the bar and is worth doing.

However if we can't find a server that won't melt under the load, then
that'd be an issue. We could consider hosting downloads on AppEngine or
something else that can handle both high load and TLS.