đź“… Original date posted:2013-12-31
đź“ť Original message:On Tue, Dec 31, 2013 at 5:39 AM, Drak <drak at zikula.org> wrote:
> The NSA has the ability, right now to change every download of bitcoin-qt,
> on the fly and the only cure is encryption.
Please cut it out with the snake oil pedaling. This is really over the
top. You're invoking the NSA as the threat here? Okay. The NSA can
trivially compromise an HTTPS download site: even ignoring the CA
insecurity, and government run CAs certificate authorities issue CA
certs to random governments and corporations for dataloss prevention
purposes. Not to mention unparalleled access to exploits.
The downloads are protected by something far stronger than SSL
already, which might even have a chance against the NSA. Actual
signatures of the downloads with offline keys.
I'm all pro-SSL and all that, but you are— piece by piece— really
convincing me that it produces an entirely false sense of security
which is entirely unjustified.
Gregory Maxwell [ARCHIVE] /
npub1f2…crwet
2023-06-07 15:10:33
in reply to nevent1q…zk5a
Author Public Key
npub1f2nvlx49er5c7sqa43src6ssyp6snd4qwvtkwm5avc2l84cs84esecrwetPublished at
2023-06-07 15:10:33Event JSON
{
"id": "9e66f13ebd0fc2fb5d28224f9185722f9f2f19f0c2c61b830c95612642eb5298",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686150633,
"kind": 1,
"tags": [
[
"e",
"d517aa463a22abef5f03468f652eeefb44676da99926537d88111078c3e0468b",
"",
"root"
],
[
"e",
"01544bc6ca246acc467fed8c2fc73d5f5cdc6b6d73f4a7a482f7a7975ede3fc0",
"",
"reply"
],
[
"p",
"50ece7cbb2dc316af1cd5da0d62e0e1fec40f20919242c8fbedd53702fba95db"
]
],
"content": "📅 Original date posted:2013-12-31\n📝 Original message:On Tue, Dec 31, 2013 at 5:39 AM, Drak \u003cdrak at zikula.org\u003e wrote:\n\u003e The NSA has the ability, right now to change every download of bitcoin-qt,\n\u003e on the fly and the only cure is encryption.\n\nPlease cut it out with the snake oil pedaling. This is really over the\ntop. You're invoking the NSA as the threat here? Okay. The NSA can\ntrivially compromise an HTTPS download site: even ignoring the CA\ninsecurity, and government run CAs certificate authorities issue CA\ncerts to random governments and corporations for dataloss prevention\npurposes. Not to mention unparalleled access to exploits.\n\nThe downloads are protected by something far stronger than SSL\nalready, which might even have a chance against the NSA. Actual\nsignatures of the downloads with offline keys.\n\nI'm all pro-SSL and all that, but you are— piece by piece— really\nconvincing me that it produces an entirely false sense of security\nwhich is entirely unjustified.",
"sig": "85f2bcfdad19dc322860b553fc44c6d27d7263c89c0e3daa7f6c8110bbb0a3688a41cb6066b236d2ce28d4ae3f569d1b1436fee7fa3adac800738bb1d23a63a4"
}