Gregory Maxwell [ARCHIVE] on Nostr: 📅 Original date posted:2013-12-08 📝 Original message:On Sun, Dec 8, 2013 at ...
📅 Original date posted:2013-12-08
📝 Original message:On Sun, Dec 8, 2013 at 1:07 PM, Drak <drak at zikula.org> wrote:
> Simple verification relies on being able to answer the email sent to the
> person in the whois records, or standard admin/webmaster@ addresses to prove
> ownership of the domain
Godaddy and many other CA's are verified from nothing other than a
http fetch, no email involved.
As I said, I'm willing to demonstrate if you have a domain.
> You cannot MITM SSL connections
You can, once you've obtained a certificate.
> Anyway, I take your points, but this is an area I am quite passionate about
> so it's important for me to be clear.
As I warned before, you're making my reconsider my position about the
downloads being SSL. If people are so convinced that SSL provides
protection it does not that even with an explanation and and an offer
to demonstrate then perhaps providing SSL will reduce people's
security.
... the _only_ reason I don't yet hold that position now is that I
know objectively that almost no one tests the signatures.
On Sun, Dec 8, 2013 at 1:11 PM, Drak <drak at zikula.org> wrote:
> It's not just about trust, there is the robustness factor: what if he
> becomes sick, unavailable, hit by a bus? Others need the ability to pickup
> and run with it. The control over the domain (including ability to renew
> registration, alter nameservers) needs to be with more than one person.
> That's why I suggest using the same people who have control over the
> software project at sf,github.
My understanding is that the domain is already controlled by more than
one person. You're not the first person to think of these things. :)
Published at
2023-06-07 15:10:32Event JSON
{
"id": "cbc992d7a650ca283c94fa9b715f00970eeffbd9c8402e1d4b9b80e01cfdcd08",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686150632,
"kind": 1,
"tags": [
[
"e",
"d517aa463a22abef5f03468f652eeefb44676da99926537d88111078c3e0468b",
"",
"root"
],
[
"e",
"e0faa3424fdca8ac73dfa743d0c0cbca824d2ddbdc86516ae67e1665747d6e04",
"",
"reply"
],
[
"p",
"50ece7cbb2dc316af1cd5da0d62e0e1fec40f20919242c8fbedd53702fba95db"
]
],
"content": "📅 Original date posted:2013-12-08\n📝 Original message:On Sun, Dec 8, 2013 at 1:07 PM, Drak \u003cdrak at zikula.org\u003e wrote:\n\u003e Simple verification relies on being able to answer the email sent to the\n\u003e person in the whois records, or standard admin/webmaster@ addresses to prove\n\u003e ownership of the domain\n\nGodaddy and many other CA's are verified from nothing other than a\nhttp fetch, no email involved.\n\nAs I said, I'm willing to demonstrate if you have a domain.\n\n\u003e You cannot MITM SSL connections\n\nYou can, once you've obtained a certificate.\n\n\u003e Anyway, I take your points, but this is an area I am quite passionate about\n\u003e so it's important for me to be clear.\n\nAs I warned before, you're making my reconsider my position about the\ndownloads being SSL. If people are so convinced that SSL provides\nprotection it does not that even with an explanation and and an offer\nto demonstrate then perhaps providing SSL will reduce people's\nsecurity.\n\n... the _only_ reason I don't yet hold that position now is that I\nknow objectively that almost no one tests the signatures.\n\nOn Sun, Dec 8, 2013 at 1:11 PM, Drak \u003cdrak at zikula.org\u003e wrote:\n\u003e It's not just about trust, there is the robustness factor: what if he\n\u003e becomes sick, unavailable, hit by a bus? Others need the ability to pickup\n\u003e and run with it. The control over the domain (including ability to renew\n\u003e registration, alter nameservers) needs to be with more than one person.\n\u003e That's why I suggest using the same people who have control over the\n\u003e software project at sf,github.\n\nMy understanding is that the domain is already controlled by more than\none person. You're not the first person to think of these things. :)",
"sig": "1d43bdfdbf91ad1718c5927234397911f500bab300362318b923c5fd0b4b85909d90ee606582d504748bb81313e495de9d216b67091301ce223ce1acaa695fba"
}