casascius (OP)
Mike Caldwell
VIP
Legendary
 Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
 |
January 05, 2011, 04:02:15 PM |
|
when anyone could just go to Startcom.org and get a SSL certificate recognized by all popular browsers for free?
startssl.com
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|
Cdecker
|
|
January 05, 2011, 05:05:50 PM |
|
+1 really disconcerting for new users
|
|
|
|
WSDN
Sr. Member
Offline
Activity: 493
Merit: 250
IDENA.IO - Proof-Of-Person Blockchain
|
|
January 05, 2011, 07:04:20 PM |
|
but is best a strong self certificate than a free a insecure 128/256 bits certificate. the strong cetificate are 4096 bit and more.
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
January 05, 2011, 11:41:50 PM
Last edit: January 05, 2011, 11:53:15 PM by casascius |
|
but is best a strong self certificate than a free a insecure 128/256 bits certificate. the strong cetificate are 4096 bit and more.
This is nonsense - the free certificate is secure. 128/256 bits refers to the cipher (such as RC4) used on SSL and has nothing to do with the certificate itself. The last certificate I got from StartSSL was for a 2048 bit key. Standard procedure for generating SSL certs, they give you a certificate for YOUR key. You decide the key size, not them. You generate the key yourself (web server software can do this), give them the CSR (certificate signing request - which is a bunch of base64-encoded gibberish that contains only the public key), and they produce the certificate from that. In requesting the certificate, the private key you generate is never divulged (it is never sent to the certificate authority or anyone else) and that is how you know it's secure, free or not. |
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
sirius
Bitcoiner
Sr. Member
Offline
Activity: 429
Merit: 1002
|
|
January 06, 2011, 12:53:40 AM |
|
Satoshi owns the domain so this is up to him.
|
|
|
|
|
dmp1ce
|
|
April 28, 2011, 06:59:34 PM |
|
I don't have a problem with the self signing so much, but it would be nice if I could upload a Bitcoin CA certificate to my browser or use a signed Bitcoin gpg key for monkeysphere. Does anyone know if these exist?
|
|
|
|
|
Pieter Wuille
|
|
April 28, 2011, 11:27:45 PM |
|
+1
A system like bitcoin which is based on strong cryptography cannot afford not having a certificate accepted by most browsers.
|
I do Bitcoin stuff.
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
April 28, 2011, 11:48:54 PM |
|
+1
A system like bitcoin which is based on strong cryptography cannot afford not having a certificate accepted by most browsers.
Too bad this suggestion falls on deaf ears. You'll soon hear that "nobody" uses HTTPS to connect to bitcoin.org anyway. It's almost May, I started this thread in January and have brought it up about half a dozen times. |
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
rogerdpack
Newbie
Offline
Activity: 1
Merit: 0
|
|
April 30, 2011, 09:34:28 AM |
|
Satoshi, if you are around could you please install a real certificate for https for bitcoin.org, or allow domain rights to someone who will help out in that regard?
Thanks!
-r
|
|
|
|
|
|
|
fetokun
Full Member
Offline
Activity: 210
Merit: 100
Presale is live!
|
|
April 30, 2011, 10:33:59 AM |
|
kind of ironic, isn't it? |
|
|
|
MagicalTux
VIP
Hero Member
Offline
Activity: 608
Merit: 501
-
|
|
April 30, 2011, 01:59:40 PM |
|
For info I got the ssl for the wiki (bitcoin.it) from startssl  I would recommend startssl for bitcoin.org too. |
|
|
|
|
xf2_org
Member
Offline
Activity: 98
Merit: 13
|
|
April 30, 2011, 02:32:06 PM |
|
We need satoshi to (a) acknowledge a single email, or (b) transfer bitcoin.org to Gavin or elsewhere.
Otherwise SSL is a non-starter.
|
|
|
|
|
|
wumpus
|
|
May 01, 2011, 08:05:39 AM |
|
Can this please be addressed?
A site about a currency shouldn't have an amateur self-signed SSL certificate. It reeks fishy to new users.
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts. |
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13407
|
|
May 01, 2011, 08:09:21 AM |
|
If Satoshi removed the MX records for the domain, Sirius could receive mail for bitcoin.org. That would probably be the easiest solution.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
xf2_org
Member
Offline
Activity: 98
Merit: 13
|
|
May 01, 2011, 06:29:09 PM |
|
If Satoshi removed the MX records for the domain, Sirius could receive mail for bitcoin.org. That would probably be the easiest solution.
Unfortunately, it must be contact@anonymousspeech.com, the email registered in 'whois' for bitcoin.org. |
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13407
|
|
May 01, 2011, 07:55:39 PM |
|
Startcom also lets you use postmaster@domain.org. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
May 08, 2011, 12:18:27 AM |
|
And controlling the server you can control where those emails get delivered  |
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13407
|
|
May 08, 2011, 12:44:46 AM |
|
And controlling the server you can control where those emails get delivered There are already MX records, though, which I believe would override the A record in mail delivery. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
xf2_org
Member
Offline
Activity: 98
Merit: 13
|
|
May 08, 2011, 01:53:41 AM |
|
And controlling the server you can control where those emails get delivered There are already MX records, though, which I believe would override the A record in mail delivery. Correct... unless those MX servers die or become unreachable. |
|
|
|
|
|
