๐
Original date posted:2011-12-19
๐๏ธ Summary of this message: HTTPS issues are social, not technical, with multiple CAs being tricked or strong-armed into issuing fake certificates. Bitcoin cannot solve this problem.
๐ Original message:On 2011 December 19 Monday, Jorge Timรณn wrote:
> Ok, so HTTP is not an option unless it shows a huge warning. I don't
> know the HTTPS possible attack, but maybe it needs a warning message
> too, from what you people are saying. Although using namecoin to
The problems with HTTPS have been social rather than technical. Multiple CAs
have been strong-armed by governments or tricked into issuing fake
certificates by scammers. There is no technical measure around that. By
using the CA certificate we are saying to the system "here is someone I trust
to issue a certificate". So far, with a large number of CAs, that trust is
misplaced.
I'm of the opinion though that this problem is outside the remit of bitcoin to
solve.
Perhaps we should be more strict about which CA certificates are trusted by
the bitcoin client: say restrict it to those who have demonstrably good
practices for verifying identity; rather than the ridiculous amount of trust
that comes pre-installed for me in my browser.
Andy
--
Dr Andy Parkins
andyparkins at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20111219/b557a325/attachment.sig>;
Andy Parkins [ARCHIVE] /
npub1nxโฆ7wjrv
2023-06-07 02:44:20
in reply to nevent1qโฆc35w
Author Public Key
npub1nxlvf9mj3jzgue25n5d9y47s3h5hvg0ded9hwpejdxj9mtrs34vs97wjrvPublished at
2023-06-07 02:44:20Event JSON
{
"id": "2a8ce8b36caf320c4295b745d4300b93e92d229ca575fff8275201d19041661e",
"pubkey": "99bec497728c848e65549d1a5257d08de97621edcb4b77073269a45dac708d59",
"created_at": 1686105860,
"kind": 1,
"tags": [
[
"e",
"247922e9146ee6b54a634fc05ad7a489892c01debcd0510d008be95a47f6db80",
"",
"root"
],
[
"e",
"ed56c00fe2c697f0a508d38cbb1d405cd4d92108343b9bbe1eac775adbc15b10",
"",
"reply"
],
[
"p",
"498a711971f8a0194289aee037a4c481a99e731b5151724064973cc0e0b27c84"
]
],
"content": "๐
Original date posted:2011-12-19\n๐๏ธ Summary of this message: HTTPS issues are social, not technical, with multiple CAs being tricked or strong-armed into issuing fake certificates. Bitcoin cannot solve this problem.\n๐ Original message:On 2011 December 19 Monday, Jorge Timรณn wrote:\n\u003e Ok, so HTTP is not an option unless it shows a huge warning. I don't\n\u003e know the HTTPS possible attack, but maybe it needs a warning message\n\u003e too, from what you people are saying. Although using namecoin to\n\nThe problems with HTTPS have been social rather than technical. Multiple CAs \nhave been strong-armed by governments or tricked into issuing fake \ncertificates by scammers. There is no technical measure around that. By \nusing the CA certificate we are saying to the system \"here is someone I trust \nto issue a certificate\". So far, with a large number of CAs, that trust is \nmisplaced.\n\nI'm of the opinion though that this problem is outside the remit of bitcoin to \nsolve.\n\nPerhaps we should be more strict about which CA certificates are trusted by \nthe bitcoin client: say restrict it to those who have demonstrably good \npractices for verifying identity; rather than the ridiculous amount of trust \nthat comes pre-installed for me in my browser.\n\n\n\nAndy\n\n-- \nDr Andy Parkins\nandyparkins at gmail.com\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 198 bytes\nDesc: This is a digitally signed message part.\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20111219/b557a325/attachment.sig\u003e",
"sig": "752a01ee4124f76e8f3103abd0f27d4ce6b05753c6ba34333c6369db66ff0b2f7d70ad94c18f30b4708e411e3c0d3eb7c8a5da0a13cdb09ffa7686e697fd7c9d"
}