š
Original date posted:2011-12-16
šļø Summary of this message: The use of HTTPS is centralized, but necessary for secure communication. Trust is needed somewhere, and until PGP support is available, CAs are necessary.
š Original message:On 2011 December 16 Friday, Rick Wesson wrote:
> I believe that any URI scheme will still leverage DNS and inherit any
> base issues you would have with TXT records. I suggest looking at DANE
HTTPS takes care of that.
> and reviewing their work on hardening certificate (x.509)
> infrastructure as your HTTPS scheme will inherit the issues we
> currently experience with CAs getting p0wned.
This is the only real problem with HTTPS: we would be centralising part of our
otherwise decentralised system. CAs are certainly a risk.
However, trust is needed somewhere in the communication. There is no way to
securely communicate between A and B without the use of some previously
trusted secure channel -- in Joe Sixpack's case it's by assuming that the
browser he downloaded came with an untainted CA list, and that the CAs are
trustworthy. Neither of which is guaranteed. Until and unless we get PGP
support in browsers, CAs are all that we have.
Worrying about CAs misses the point anyway; if we're being that paranoid --
how did A tell B the appropriate alias to use for a lookup? Was that channel
secure too? I could set up a MITM server that simply looks for the alias
"RICKWESSON at bitcoinaliases.org" and rewrites it to
"ANDYPARKINS at bitcoinaliases.org". When the answer to that problem is HTTPS
(or some other system that requires a previously authorised secure channel for
transfer of trust), then we're back where we started, and HTTPS is acceptable.
Andy
--
Dr Andy Parkins
andyparkins at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20111216/c16ac4b7/attachment.sig>;
Andy Parkins [ARCHIVE] /
npub1nxā¦7wjrv
2023-06-07 02:45:26
in reply to nevent1qā¦j96y
Author Public Key
npub1nxlvf9mj3jzgue25n5d9y47s3h5hvg0ded9hwpejdxj9mtrs34vs97wjrvPublished at
2023-06-07 02:45:26Event JSON
{
"id": "6353edbd5da19030c5c47eadd930b030514fc66e6b65ff450efb729cbf941096",
"pubkey": "99bec497728c848e65549d1a5257d08de97621edcb4b77073269a45dac708d59",
"created_at": 1686105926,
"kind": 1,
"tags": [
[
"e",
"247922e9146ee6b54a634fc05ad7a489892c01debcd0510d008be95a47f6db80",
"",
"root"
],
[
"e",
"c60fcfee5ee7c2d127ab7c856797bcedcc6c61985c506fd3eea9f3c5aa90cb57",
"",
"reply"
],
[
"p",
"308e0d1efb1707ac6b92cd0b19c304882b3919f4bd59336c4a718c159bdcf63b"
]
],
"content": "š
Original date posted:2011-12-16\nšļø Summary of this message: The use of HTTPS is centralized, but necessary for secure communication. Trust is needed somewhere, and until PGP support is available, CAs are necessary.\nš Original message:On 2011 December 16 Friday, Rick Wesson wrote:\n\n\u003e I believe that any URI scheme will still leverage DNS and inherit any\n\u003e base issues you would have with TXT records. I suggest looking at DANE\n\nHTTPS takes care of that.\n\n\u003e and reviewing their work on hardening certificate (x.509)\n\u003e infrastructure as your HTTPS scheme will inherit the issues we\n\u003e currently experience with CAs getting p0wned.\n\nThis is the only real problem with HTTPS: we would be centralising part of our \notherwise decentralised system. CAs are certainly a risk.\n\nHowever, trust is needed somewhere in the communication. There is no way to \nsecurely communicate between A and B without the use of some previously \ntrusted secure channel -- in Joe Sixpack's case it's by assuming that the \nbrowser he downloaded came with an untainted CA list, and that the CAs are \ntrustworthy. Neither of which is guaranteed. Until and unless we get PGP \nsupport in browsers, CAs are all that we have.\n\nWorrying about CAs misses the point anyway; if we're being that paranoid -- \nhow did A tell B the appropriate alias to use for a lookup? Was that channel \nsecure too? I could set up a MITM server that simply looks for the alias \n\"RICKWESSON at bitcoinaliases.org\" and rewrites it to \n\"ANDYPARKINS at bitcoinaliases.org\". When the answer to that problem is HTTPS \n(or some other system that requires a previously authorised secure channel for \ntransfer of trust), then we're back where we started, and HTTPS is acceptable.\n\n\n\nAndy\n\n-- \nDr Andy Parkins\nandyparkins at gmail.com\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 198 bytes\nDesc: This is a digitally signed message part.\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20111216/c16ac4b7/attachment.sig\u003e",
"sig": "8150e59c1f95f85a5194ee32f04adb4449c6c3a13269e0c1dafea3690c6ea04d01c2b966f480538b2efe864324cb59d54ba049b74fac1dc977bae6fca04d5269"
}