you make a really good point, and one that I had not even considered that I wish I had have included into my original proposal.  Much like BCNext's brainwallet provides plausible deniability, SSL would work alongside that for the same purpose.

And I do believe this will be temporary - maybe just for a year or 2 until SPs come along and provide the same functionality but on a basis where they are in the business to make $.  Then the SP will do their own cert.  But I am just running these VPSs to support NXT, not for profit, at least not anytime soon do I expect to be able to offer any kind of SP.

Another reason I want a domain wildcard cert is to be able to provide it to the wiki admin.  They REALLY NEED a valid SSL cert for their wiki, for login/editing purposes of the editors.  Consider that ideally, TOR is likely to be used by many people and if using tor, you REALLY NEED to be using SSL for pretty much everything you can - tor basically presents a MITM that could do attacks if you dont SSL your connection.

The only way to make 1 cert work for every single node is for every node to be a host on a single domain.  Given that then it would be possible for the domain administrator to revoke a cert, thus causing DoS, then it would be possible for a single entity (admin of whatever domain) to revoke everything.  so this is really a bad ideaa, and this is why in my proposal I suggested that different VPS operators use different SSL certs than what I do.

The free alternative (and not really that bad of a method either) is for use VPS operators to issue our own CA cert and sign our host nodes with that.  But then the client software devs for the lite clients will have to include all of these CA certs into their software package.  This should be a good solution, just has the extra step of organizing and including the certs into the software packages.  (This step isnt required if we use publicly trusted CA certs to sign our server certs, which is what I had originally asked funds for.

yep, even though hes an easily butthurt assclown that has problems relating with normal people (your near-demand for upfront payment with no proof whatsoever proves you have zero clue how societal norms work*), sure, we will pay him if he has uncovered something big.

*we will give you a pass if you are a non-native English-speaking person who mistakenly demanded $ up front w/o a shred of evidence/proof

ok here is the part where I say: you are 100% completely full of shit, have zero clue WTF you are talking about, and your 'proof' will be laughed at, if you have the balls to release it, which im sure you have no balls.  You are a fucking moron.  Everyone took your statement and asked for more before counting you off, as a sane person should have.  We were very cordial up front before you let yourself get soo butthurt. "normal" dudes like you?  please, give me a break.  for one "normal" dudes arent "trading 100K USD per day" on some crypto exchange.  fucking idiot.

great.  yet another butthurt prima donna.  dude, just do it already.

It will drive more transactions on the NXT main chain.  So the more things run on top of NXT like nodecoin, the more traffic NXT gets as a whole, and more transactions = more fees paid out.

ok, perform your trick, create 100 NXT, then get with CfB/JLP and point out the flaw and have them fix it.  Or just burn it all to the ground.  Do you recall how Dr Evil handled things for the flaw he discovered?

2 seems to contradict 1.  IMO, the more active nodecoin is, the more valuable NXT is

definitely clever as it really hits home the point of NXT and its capabilities in the first place.

OUTSTANDING.  bravo.  all agreed?

its too bad boobs arent self-sustaining.... I wish they were always perky but eventually they all droop

Like I said before, its not required, and can work in a trustless environment; like I said, the benefit is that NXT presents a more polished product to the worl to use if the lite clients:
1. Prefer a group of high availability servers
2. Those servers use SSL.

I guess I wasnt clear before in my email that this is mainly for the aesthetics of NXT's presentation of the lite client architecture, and that I mainly wanted the group to consider these 2 points and whether or not they thought it was worthwhile to pursue.

It is high because it is from a vendor that allows anonymity for certs AND the cert is a wildcard cert that will work with all hosts on a domain (remember we have 12 VPSs here).  At least I believe it allows anonymity, I am still waiting on verification from ITITCH.  If I cannot maintain anonymity or if they wont let me use some kind of alias then I wont pursue this at all.  But I am not opposed on a product from any much less expensive provider if they offer anonymity.

If I were offering a product to the world where my goal was to profit, then privacy wouldnt be a big deal.

still?  so these 73 accounts can juggle their NXT around and immediately forge with all of it w/o waiting?

wait a tic...

Genesis block ID is 2680262203532249785, generated by account 1739068987193023818. Then 793 seconds later, account 10105875265190846103 which at the time had 170486123 as its balance, generated block 6556228577102711328.  But at that point its effectiveBalance was still 0. So how did anyone ever generate ANY blocks.  It seems there should have been a permanent catch-22 situation here.  Did the first clients simply not have the concept of effectiveBalance?

well I just came across this from the original thread; is it obsolete?  BTW I found it on the wiki under whitepaper section....  Im very impressed with what you braintrust guys have put together so far.  Ive determined that Im finally going to spend some time and understand hit/target and the formula for when an account can forge...

I am already covering all other aspects of finance and operations for the network of VPSs that I run.  These have been funded by neer.g and by 1 other donor, I think it was pouncer but not sure.  In any event, these 12 VPSs are funded till almost end of year and Im not requesting funding for them at this point.  I also run an additional 13 VPSs that are paid for by other members where I simply manage them for the users.

You may have seen development talk regarding lite clients and local signing of transactions so as to be able to run a client that does not maintain a blockchain - these clients simply query public VPSs for account status and they also sign transactions and feed the transactions to the public VPSs to be broadcast to the network and forged into a block by whoever the next forger is.

My proposal is to use HTTPS/SSL encryption on the VPSs to provide a measure of authentication between the users and the VPS used when local signing is implemented (very soon now).  This will provide a layer of authentication security from the VPS to the user.

Note that this HTTPS/SSL is not actually required.  But IMO it is worth pursuing, and not just for me, but for other VPS operators that can provide a very high level of uptime of their servers for the purpose of serving these lite clients.  Another benefit of real live SSL is that it will just "look good" for NXT to be able to brag that there is a network of SSL hosts out there serving the lite clients.

So like I said - not required as these lite clients *could* just use wellKnownPeers and send signed transactions to them, but IMO the better way to provide reliable service to lite clients is to have the lite client software devs use, instead of random wellKnownPeers, instead use a list of very well maintained, high-available nodes, like the nxtcrypto.org ones, along with others VPS operators who demonstrate competence, and for the added layer of security, use HTTPS/SSL on all of them as more solid proof that the folks running the NXT network know what they are doing.

However, I agree with BCNext on creating a system that is capable of operating without trust.  So if you cannot find multiple VPS networks to be preferred by lite clients to serve these lite clients, and mine is the only one, then that scenario would not be able to operate w/o trust and I (and everyone else) would prefer that my VPS network simply not be preferred by the lite clients at all, and in that case, IMO there would be no need for SSL.

So thats pretty much it, Ive laid out the pros/cons, you guys let me know.

How can I request funding?  I would like to set up my network of public VPSs on SSL security to act as processors for lite clients that only sign transactions and submit them to public VPSs.  A wildcard cert for nxtcrypto.org domain to cover unlimited hosts is 468 euro

scratch my previous CA.  Im doinga self signed wildcard CA

In that case today/tomorrow I will convert vps1 - vps12 on nxtcrypto.org to be HTTPS only and they will use the following CA


VPSs vps13 - vps26 are not under my sole control and not commited to for funding on a perm basis, so should not be used in your lite clients for transaction signing.