Bitcoin Forum
March 19, 2024, 02:45:08 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Why is bitcoin.org using a self-signed SSL certificate...  (Read 3764 times)
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
January 05, 2011, 04:02:15 PM
 #1

when anyone could just go to Startcom.org and get a SSL certificate recognized by all popular browsers for free?

startssl.com

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
1710816308
Hero Member
*
Offline Offline

Posts: 1710816308

View Profile Personal Message (Offline)

Ignore
1710816308
Reply with quote  #2

1710816308
Report to moderator
1710816308
Hero Member
*
Offline Offline

Posts: 1710816308

View Profile Personal Message (Offline)

Ignore
1710816308
Reply with quote  #2

1710816308
Report to moderator
If you see garbage posts (off-topic, trolling, spam, no point, etc.), use the "report to moderator" links. All reports are investigated, though you will rarely be contacted about your reports.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710816308
Hero Member
*
Offline Offline

Posts: 1710816308

View Profile Personal Message (Offline)

Ignore
1710816308
Reply with quote  #2

1710816308
Report to moderator
1710816308
Hero Member
*
Offline Offline

Posts: 1710816308

View Profile Personal Message (Offline)

Ignore
1710816308
Reply with quote  #2

1710816308
Report to moderator
Cdecker
Hero Member
*****
Offline Offline

Activity: 489
Merit: 504



View Profile WWW
January 05, 2011, 05:05:50 PM
 #2

+1 really disconcerting for new users

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
WSDN
Sr. Member
****
Offline Offline

Activity: 493
Merit: 250


IDENA.IO - Proof-Of-Person Blockchain


View Profile
January 05, 2011, 07:04:20 PM
 #3

but is best a strong self certificate than a free a insecure 128/256 bits certificate. the strong cetificate are 4096 bit and more.

              ▄▄▄ ▀▀▀▀▀▀▀▀▀ ▄▄▄
           ▄▀▀    ▄▄▄▄▄▄▄▄▄    ▀▀▄
        ▄▀▀  ▄▄▀█          ▀█▀▄▄  ▀▀▄
      ▄▀▀ ▄▄▀    ▀▀▄▄▄▄▄▄▄▀▀    ▀▄▄ ▀▀▄
     █   █            ▀            █   █
   ▄▀ █  ▀▄▄                     ▄█▀  █ ▀▄
  ▄▀ ▄▀ █▄ ▀▀▀██▄▄▄       ▄▄▄██▀▀  ██ ▀▄ ▀▄
  ▀▄▀▀▄ ██ ▄▄▄▄▄▄  ▀▄   ▄▀  ▄▄▄▄▄▄ ██ ▄▀▀▄▀
 ██   █ ██ ▀▄    ▀▄ █   █ ▄▀    ▄▀ ██ █  ▀██
 █  ▄█  ▀█  ▀▀▀▀▀▀▀ █   █ ▀▀▀▀▀▀▀  █   █▄  █
█▀ █  █  █          █   █          █  █  █ ▀▀
 █▀  ▄▀  █▀▄        █   █        ▄▀█  ▀▄  ▀█
 ▄  █▀   █ ▀█▄      ▀   ▀      ▄█▀ █  ▄▀█  ▄
 █▄▀  █  █                         █  █  ▀▄█
 ▀▄  █   ▀█        ▄▄▀▄▀▄▄        █▀   █  ▄
  ▀▄▀▀  █▄ █     ▀█  ▀▀▀  █▀     █ ▄█ ▄▀▀▄▀
   ▀ ▄  ██ █▀▄     ▀▀▄▄▄▀▀     ▄▀█ ██ ▀▄ ▀
    ▀█  ██ █ █▀▄    ▄▄▄▄▄    ▄▀█ █ ██  █▀
      ▀▄ ▀ █ █ ██▄         ▄██ █ █ ▀ ▄▀
        ▀▄ █ █ █ ▀█▄     ▄█▀ █ █ █ ▄▀
          ▀▀▄█ █    ▀▀▀▀▀    █ █▄▀▀
              ▀▀ ▄▄▄▄▄▄▄▄▄▄▄ ▀▀
   
I  D  E  N  A
   
Proof-of-Person Blockchain

Join the mining of the first human-centric
cryptocurrency
 



 
▲    2 6 8 0

N  O  D  E  S
   
                ██
                ██
                ██
                ██
                ██
         ▄      ██      ▄
         ███▄   ██   ▄███
          ▀███▄ ██ ▄███▀
            ▀████████▀
              ▀████▀
                ▀▀
██▄                            ▄██
███                            ███
███                            ███
███                            ███
 ███▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄███
  ▀▀██████████████████████████▀▀
   
D O W N L O A D

Idena node

   
   
▄▄▄██████▄▄▄
▄▄████████████████▄▄
▄█████▀▀        ▀▀█████▄
████▀                ▀████
███▀    ▄▄▄▄▄▄▄▄▄       ▀███
███      █   ▄▄ █▀▄        ███
██▀      █  ███ █  ▀▄      ▀██
███       █   ▀▀ ▀▀▀▀█       ███
███       █  ▄▄▄▄▄▄  █       ███
███       █  ▄▄▄▄▄▄  █       ███
██▄      █  ▄▄▄▄▄▄  █      ▄██
███      █          █      ███
███▄    ▀▀▀▀▀▀▀▀▀▀▀▀    ▄███
████▄                ▄████
▀█████▄▄        ▄▄█████▀
▀▀████████████████▀▀
▀▀▀██████▀▀▀
   
    ███





███

REQUEST INVITATION
███
  █
  █
  █
  █
  █
███
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
January 05, 2011, 11:41:50 PM
Last edit: January 05, 2011, 11:53:15 PM by casascius
 #4

but is best a strong self certificate than a free a insecure 128/256 bits certificate. the strong cetificate are 4096 bit and more.

This is nonsense - the free certificate is secure.   128/256 bits refers to the cipher (such as RC4) used on SSL and has nothing to do with the certificate itself.  The last certificate I got from StartSSL was for a 2048 bit key.

Standard procedure for generating SSL certs, they give you a certificate for YOUR key.  You decide the key size, not them.

You generate the key yourself (web server software can do this), give them the CSR (certificate signing request - which is a bunch of base64-encoded gibberish that contains only the public key), and they produce the certificate from that.

In requesting the certificate, the private key you generate is never divulged (it is never sent to the certificate authority or anyone else) and that is how you know it's secure, free or not.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
sirius
Bitcoiner
Sr. Member
****
Offline Offline

Activity: 429
Merit: 919



View Profile
January 06, 2011, 12:53:40 AM
 #5

Satoshi owns the domain so this is up to him.

Iris — for better social networks
I'm not a forum admin - please contact theymos instead.
dmp1ce
Member
**
Offline Offline

Activity: 69
Merit: 10


View Profile WWW
April 28, 2011, 06:59:34 PM
 #6

I don't have a problem with the self signing so much, but it would be nice if I could upload a Bitcoin CA certificate to my browser or use a signed Bitcoin gpg key for monkeysphere.  Does anyone know if these exist?

BTCmon - Support great bitcoin apps
Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1072
Merit: 1170


View Profile WWW
April 28, 2011, 11:27:45 PM
 #7

+1

A system like bitcoin which is based on strong cryptography cannot afford not having a certificate accepted by most browsers.

I do Bitcoin stuff.
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 28, 2011, 11:48:54 PM
 #8

+1

A system like bitcoin which is based on strong cryptography cannot afford not having a certificate accepted by most browsers.

Too bad this suggestion falls on deaf ears.  You'll soon hear that "nobody" uses HTTPS to connect to bitcoin.org anyway.  It's almost May, I started this thread in January and have brought it up about half a dozen times.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
rogerdpack
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
April 30, 2011, 09:34:28 AM
 #9

Satoshi, if you are around could you please install a real certificate for https for bitcoin.org, or allow domain rights to someone who will help out in that regard?
Thanks!
-r
fetokun
Full Member
***
Offline Offline

Activity: 210
Merit: 100


Presale is live!


View Profile
April 30, 2011, 10:24:56 AM
 #10

any of you able to access https://auth.startssl.com/ ?

fetokun
Full Member
***
Offline Offline

Activity: 210
Merit: 100


Presale is live!


View Profile
April 30, 2011, 10:33:59 AM
 #11


kind of ironic, isn't it?

MagicalTux
VIP
Hero Member
*
expert
Offline Offline

Activity: 608
Merit: 501


-


View Profile
April 30, 2011, 01:59:40 PM
 #12

For info I got the ssl for the wiki (bitcoin.it) from startssl Smiley

I would recommend startssl for bitcoin.org too.
xf2_org
Member
**
Offline Offline

Activity: 98
Merit: 13


View Profile
April 30, 2011, 02:32:06 PM
 #13

We need satoshi to (a) acknowledge a single email, or (b) transfer bitcoin.org to Gavin or elsewhere.

Otherwise SSL is a non-starter.

wumpus
Hero Member
*****
qt
Offline Offline

Activity: 812
Merit: 1022

No Maps for These Territories


View Profile
May 01, 2011, 08:05:39 AM
 #14

Can this please be addressed?

A site about a currency shouldn't have an amateur self-signed SSL certificate. It reeks fishy to new users.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5138
Merit: 12564


View Profile
May 01, 2011, 08:09:21 AM
 #15

If Satoshi removed the MX records for the domain, Sirius could receive mail for bitcoin.org. That would probably be the easiest solution.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
xf2_org
Member
**
Offline Offline

Activity: 98
Merit: 13


View Profile
May 01, 2011, 06:29:09 PM
 #16

If Satoshi removed the MX records for the domain, Sirius could receive mail for bitcoin.org. That would probably be the easiest solution.

Unfortunately, it must be contact@anonymousspeech.com, the email registered in 'whois' for bitcoin.org.

theymos
Administrator
Legendary
*
Offline Offline

Activity: 5138
Merit: 12564


View Profile
May 01, 2011, 07:55:39 PM
 #17

Unfortunately, it must be contact@anonymousspeech.com, the email registered in 'whois' for bitcoin.org.

Startcom also lets you use postmaster@domain.org.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
May 08, 2011, 12:18:27 AM
 #18

Unfortunately, it must be contact@anonymousspeech.com, the email registered in 'whois' for bitcoin.org.

Startcom also lets you use postmaster@domain.org.

And controlling the server you can control where those emails get delivered Wink
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5138
Merit: 12564


View Profile
May 08, 2011, 12:44:46 AM
 #19

And controlling the server you can control where those emails get delivered Wink

There are already MX records, though, which I believe would override the A record in mail delivery.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
xf2_org
Member
**
Offline Offline

Activity: 98
Merit: 13


View Profile
May 08, 2011, 01:53:41 AM
 #20

And controlling the server you can control where those emails get delivered Wink

There are already MX records, though, which I believe would override the A record in mail delivery.

Correct... unless those MX servers die or become unreachable.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!