Bitcoin Forum

Other => Meta => Topic started by: btcparanoid on May 17, 2011, 09:02:36 PM



Title: No HTTPS
Post by: btcparanoid on May 17, 2011, 09:02:36 PM
HTTPS is broken. This coupled with reports of irregular IP addresses makes me wonder if somebody may be currently intercepting login credentials for this site.


Title: Re: No HTTPS
Post by: kseistrup on May 17, 2011, 09:08:52 PM

Quote
HTTPS is broken. This coupled with reports of irregular IP addresses makes me wonder if somebody may be currently intercepting login credentials for this site.

+1


Title: Re: No HTTPS
Post by: Basiley on May 20, 2011, 07:47:41 AM
Quote
HTTPS is broken. This coupled with reports of irregular IP addresses makes me wonder if somebody may be currently intercepting login credentials for this site.

Same issues and same concern.
Can anyone [preferably forum admin] post authentic IP address? There and somewhere tamper-proof [I2P?]


Title: Re: No HTTPS
Post by: SmokeTooMuch on May 20, 2011, 03:52:56 PM
yep, https isn't working on the main site anymore, but it still works on forum.bitcoin.org


Title: Re: No HTTPS
Post by: sirius on May 22, 2011, 02:45:52 PM
We have a StartSSL certificate now.


Title: Re: No HTTPS
Post by: sirius on May 22, 2011, 02:57:42 PM
Bitcoin.org is on sf.net and they don't support https.


Title: Re: No HTTPS
Post by: da2ce7 on May 22, 2011, 05:14:51 PM
updated https everywhere rule-set that redirects the old https forum links: http://www.bitcoinservice.co.uk/files/875


Title: Re: No HTTPS
Post by: phillipsjk on June 12, 2011, 05:16:14 PM
Good to know. (I found this thread by actually using the "search" function)

HTTPS provides authentication (through the use of certificates) as well as encryption. Of course, if you don't trust organizations like VeriSign, you need an out-of-band method for communicating the public key.

Since the forums seem to support HTTPS, the link from http://bitcoin.org (http://bitcointalk.org/) should be changed to use HTTPS by default. Until about 2 months ago, I did not understand the need for ubiquitous encryption; even of publicly available information. Then I read this:
Quote
Advertising-UNISERVE shall have the right, without notice, to insert advertising data into the Internet browser used by a UNSERVE customer, and transferred to a UNISERVE customer over UNISERVE’s network, so long as this does not involve UNISERVE transmitting any personal information of the customer to whom such data is sent in contravention of the UNISERVE Privacy Commitment;
- Section 27e, My ISP's Updated Terms of service (https://www.uniserve.com/about/terms-of-service/).

PS: I don't use HTTPS Everywhere because I leave scripting disabled most of the time.
PPS: I know my website does not support encryption. My webhost wants $200/year for a certificate.


Title: Re: No HTTPS
Post by: wumpus on June 13, 2011, 01:59:02 PM
Quote
Since the forums seem to support HTTPS, the link from http://bitcoin.org (http://bitcointalk.org/) should be changed to use HTTPS by default.

+1

The reason that the link is still http is afaik because we used to have a self-signed certificate. This is fixed now, however.

Forum should be HTTPS by default. Preferably, HTTP should be disabled completely, and cookies should be set to secure (SSL-only).
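
The two properties asked for in the post above (plain HTTP only redirecting to HTTPS, and cookies carrying the Secure attribute) can be checked from response headers. The following is an added example, not part of the thread or the forum's own code; the host name, cookie names and sample responses are constructed.

```python
# Added example: audits constructed HTTP responses for the two properties
# requested in the post above (HTTPS by default, Secure-flagged cookies).
REDIRECT_CODES = {301, 302, 303, 307, 308}

def cookie_attrs(set_cookie_value):
    """Split a Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(scheme, status, headers):
    """Return a list of findings for one response.

    scheme  -- "http" or "https", the scheme the request was made over
    status  -- integer status code
    headers -- list of (name, value) pairs; repeated Set-Cookie allowed
    """
    findings = []
    location = next((v for k, v in headers if k.lower() == "location"), "")
    cookies = [cookie_attrs(v) for k, v in headers if k.lower() == "set-cookie"]
    if scheme == "http":
        # Plain HTTP should do nothing except send the browser to HTTPS.
        if status not in REDIRECT_CODES or not location.lower().startswith("https://"):
            findings.append("http-not-redirected-to-https")
        for name, _ in cookies:
            findings.append(f"cookie-sent-over-http:{name}")
    else:
        for name, attrs in cookies:
            if "secure" not in attrs:
                # Without Secure the browser also sends this cookie over plain HTTP.
                findings.append(f"cookie-missing-secure:{name}")
    return findings

# Constructed sample responses (hypothetical host and cookie names).
SAMPLES = {
    "http login page served directly": ("http", 200, [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "SESSID=abc123; path=/; HttpOnly")]),
    "http redirect": ("http", 301, [("Location", "https://forum.example/index.php")]),
    "https, cookie without Secure": ("https", 200, [
        ("Set-Cookie", "SESSID=abc123; path=/; HttpOnly")]),
    "https, cookie with Secure": ("https", 200, [
        ("Set-Cookie", "SESSID=abc123; Path=/; Secure; HttpOnly")]),
}

if __name__ == "__main__":
    for label, (scheme, status, headers) in SAMPLES.items():
        print(f"{label}: {audit_response(scheme, status, headers) or 'ok'}")
```

The attribute check looks only at the parts after the first semicolon, so a cookie whose value happens to contain the word "secure" is not mistaken for a flagged one.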