Bitcoin Forum
Topic: Why is bitcoin.org using a self-signed SSL certificate...
casascius
Mike Caldwell
January 05, 2011, 04:02:15 PM
 #1

when anyone could just go to Startcom.org and get an SSL certificate recognized by all popular browsers for free?

startssl.com

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Cdecker
January 05, 2011, 05:05:50 PM
 #2

+1 really disconcerting for new users

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
WSDN
January 05, 2011, 07:04:20 PM
 #3

But a strong self certificate is better than a free, insecure 128/256-bit certificate. The strong certificates are 4096 bits and more.

Bitcoin in spanish http://bitcoins.com.ar/
casascius
Mike Caldwell
January 05, 2011, 11:41:50 PM
 #4

Quote from: WSDN
But a strong self certificate is better than a free, insecure 128/256-bit certificate. The strong certificates are 4096 bits and more.

This is nonsense - the free certificate is secure.   128/256 bits refers to the cipher (such as RC4) used on SSL and has nothing to do with the certificate itself.  The last certificate I got from StartSSL was for a 2048 bit key.

Standard procedure for generating SSL certs, they give you a certificate for YOUR key.  You decide the key size, not them.

You generate the key yourself (web server software can do this), give them the CSR (certificate signing request - which is a bunch of base64-encoded gibberish that contains only the public key), and they produce the certificate from that.

In requesting the certificate, the private key you generate is never divulged (it is never sent to the certificate authority or anyone else) and that is how you know it's secure, free or not.

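The procedure described in post #4, as an added example that is not part of the original thread: the key is generated locally, a CSR is built from it, and the checks confirm that the CSR carries the matching public key and no private key. It uses the OpenSSL command-line tool; the hostname `example.org` and the file names are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): local key generation and CSR creation
# with the OpenSSL CLI. Hostname and file names are placeholders.
set -eu

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
key="$workdir/example.org.key"   # private key: never leaves this machine
csr="$workdir/example.org.csr"   # the only file submitted to the CA

# Step 1: generate the private key locally. The requester picks the size.
make_key() {   # $1 = RSA modulus size in bits
  (umask 077 && openssl genrsa -out "$key" "$1" 2>/dev/null)
}

# Step 2: build the CSR. It holds the subject, the public key, and a
# signature made with the private key (proof of possession).
make_csr() {   # $1 = hostname for the subject CN
  openssl req -new -key "$key" -subj "/CN=$1" -out "$csr"
}

# Key size as recorded inside the CSR, i.e. what the CA will certify.
csr_key_bits() {
  openssl req -in "$csr" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# True when the public key in the CSR is the one derived from our private key.
csr_matches_key() {
  [ "$(openssl req -in "$csr" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout)" ]
}

# True when the CSR's self-signature verifies.
csr_signature_ok() {
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'
}

# True when OpenSSL cannot load any private key from the CSR file.
csr_has_no_private_key() {
  ! openssl pkey -in "$csr" -noout >/dev/null 2>&1
}

make_key 2048
make_csr example.org
echo "CSR key size: $(csr_key_bits) bits"
csr_matches_key && csr_signature_ok && csr_has_no_private_key &&
  echo "CSR carries only the public key; the private key stayed local"
```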
sirius
Bitcoiner
January 06, 2011, 12:53:40 AM
 #5

Satoshi owns the domain so this is up to him.

Identifi - Decentralized address book with trust ratings
I'm not a forum admin - please contact theymos instead.
dmp1ce
April 28, 2011, 06:59:34 PM
 #6

I don't have a problem with the self signing so much, but it would be nice if I could upload a Bitcoin CA certificate to my browser or use a signed Bitcoin gpg key for monkeysphere.  Does anyone know if these exist?

BTCmon - Support great bitcoin apps
Pieter Wuille
April 28, 2011, 11:27:45 PM
 #7

+1

A system like bitcoin which is based on strong cryptography cannot afford not having a certificate accepted by most browsers.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
casascius
Mike Caldwell
April 28, 2011, 11:48:54 PM
 #8

Quote from: Pieter Wuille
+1

A system like bitcoin which is based on strong cryptography cannot afford not having a certificate accepted by most browsers.

Too bad this suggestion falls on deaf ears.  You'll soon hear that "nobody" uses HTTPS to connect to bitcoin.org anyway.  It's almost May, I started this thread in January and have brought it up about half a dozen times.

rogerdpack
April 30, 2011, 09:34:28 AM
 #9

Satoshi, if you are around could you please install a real certificate for https for bitcoin.org, or allow domain rights to someone who will help out in that regard?
Thanks!
-r
fetokun
April 30, 2011, 10:24:56 AM
 #10

any of you able to access https://auth.startssl.com/ ?
fetokun
April 30, 2011, 10:33:59 AM
 #11


kind of ironic, isn't it?
MagicalTux
April 30, 2011, 01:59:40 PM
 #12

For info I got the ssl for the wiki (bitcoin.it) from startssl :)

I would recommend startssl for bitcoin.org too.

xf2_org
April 30, 2011, 02:32:06 PM
 #13

We need satoshi to (a) acknowledge a single email, or (b) transfer bitcoin.org to Gavin or elsewhere.

Otherwise SSL is a non-starter.

wumpus
May 01, 2011, 08:05:39 AM
 #14

Can this please be addressed?

A site about a currency shouldn't have an amateur self-signed SSL certificate. It reeks fishy to new users.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
theymos
May 01, 2011, 08:09:21 AM
 #15

If Satoshi removed the MX records for the domain, Sirius could receive mail for bitcoin.org. That would probably be the easiest solution.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
xf2_org
May 01, 2011, 06:29:09 PM
 #16

Quote from: theymos
If Satoshi removed the MX records for the domain, Sirius could receive mail for bitcoin.org. That would probably be the easiest solution.

Unfortunately, it must be contact@anonymousspeech.com, the email registered in 'whois' for bitcoin.org.

theymos
May 01, 2011, 07:55:39 PM
 #17

Quote from: xf2_org
Unfortunately, it must be contact@anonymousspeech.com, the email registered in 'whois' for bitcoin.org.

Startcom also lets you use postmaster@domain.org.

Raoul Duke
aka psy
May 08, 2011, 12:18:27 AM
 #18

Quote from: xf2_org
Unfortunately, it must be contact@anonymousspeech.com, the email registered in 'whois' for bitcoin.org.

Quote from: theymos
Startcom also lets you use postmaster@domain.org.

And controlling the server you can control where those emails get delivered ;)

theymos
May 08, 2011, 12:44:46 AM
 #19

Quote from: Raoul Duke
And controlling the server you can control where those emails get delivered ;)

There are already MX records, though, which I believe would override the A record in mail delivery.

xf2_org
May 08, 2011, 01:53:41 AM
 #20

Quote from: Raoul Duke
And controlling the server you can control where those emails get delivered ;)

Quote from: theymos
There are already MX records, though, which I believe would override the A record in mail delivery.

Correct... unless those MX servers die or become unreachable.
