bitcoin.org and sourceforge.net are not running on https

[jl2012]

I put this here because this is actually related to the security of the reference client.

Without https, MITM attack is really simple. For example, the Chinese government is notorious for DNS hijacking. Although the bitcoin-qt windows package is signed by bitcoin foundation, it is really easy to establish another bitcoin foundation inc. in another country and apply a legit cert for it.

Is there any reason not to run bitcoin.org on https, and host the binary of reference client on sf.net? It sounds quite irony as PKI is implemented in the payment protocol while the client itself is not properly protected by this.

[1714986468]

1714986468

[1714986468]

1714986468

[1714986468]

1714986468

[dree12]

Many people don't realize the severity of this problem. SatoshiDICE also doesn't use HTTPS, so a MITM can change the addresses to whomever. Any Bitcoin business that displays addresses should be using HTTPS, and any client download website should as well.

[jl2012]

Many people don't realize the severity of this problem. SatoshiDICE also doesn't use HTTPS, so a MITM can change the addresses to whomever. Any Bitcoin business that displays addresses should be using HTTPS, and any client download website should as well.

The sites for Armory and Electrum are also not running on https

I guess this is discussed somewhere else: who is holding and paying for bitcoin.org and bitcoin.net? Both were registered by Satoshi but bitcoin.net is now directed to a parking site and will expire in August 2016. I guess bitcoin.org is held by Gavin?

[theymos]

bitcoin.org is hosted on GitHub, which doesn't support HTTPS.

For example, the Chinese government is notorious for DNS hijacking.

The Chinese government also controls several certificate authorities, so they can bypass HTTPS anyway.

[bee7]

@jl2012, @dree12, although I would not argue that the MITM problem has place, I would like to ask you, what kind of OS you are using? This is a rhetorical question. Let's assume that many people are using Windows and - even more - they are using IE. Everyone knows that it has many flaws and security problems. So the average user installs some antivirus protection on his computer. But even the up to date AV databases are not guarantee 100% defense. Some time a new breaches found by malicious users and they produce a new viruses that are not identified by the present AV tool-kits  for a while. Then let's imagine that one of these bad guys targets specifically at satoshidice and makes a virus that changes the content of the page displayed at client side, directly in the browser. Then it has no sense if the page have been received with http or with https. So, some times the use of https is an overkill that would lead to growing expenses at both sides - the content providers one and at the client as https ultimately disables any intermediate caching of the information transferred. The only way to protect yourself from unwanted financial loses is to double check the addresses you are sending your coins by all available means (browse blockchain, e.t.c), verify md5/sha1/sha256 check-sums and pgp-signatures usually attached to open source sw published in open repositories, e.t.c.

For example, the download page of the bitcoin-qt reference client has a clear link to the signed sha256sums of the currently available version:

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.5/SHA256SUMS.asc/view :

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

84543f10de5e82ce6e88dd5a501db37c6327edf79a2a04f29199c24843e71f63  bitcoin-0.8.5-linux.tar.gz
c583260f59a5e31ba8f819ed91b992423da6893095c6a910877451d01492625e  bitcoin-0.8.5-macosx.dmg
6f6b8fd68f56a8e700090267c53aa592b9c9e5c993f44c7be11ba9b87e1f92bb  bitcoin-0.8.5-win32-setup.exe
169161d7a3270e221952f65ff276c649c5818bb9fc10059fd00a531343194b75  bitcoin-0.8.5-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iQIcBAEBCAAGBQJSMlvWAAoJECnZ7msfxzDBwLsP/RMLxLW16uKFOl87fGDxuCj6
/4c6Z2xgTafb1qOGv9Jh89qfD2V0bmOq97ynrM9SwgW2A3qIYeEju2X3kP1cardM
Hs/mj6LkLuNxsJ65opDbVTPsfL3ztoakNv9v7Kw815/iALl4f7A+YpY1KxiTe+du
+qh14s1nG3I6VTyva6Z2zJbW9JDCvWcGWnbYtpRABszfWBic3/GL4+kjhn4Dj5ty
rHzClX2v8ARLqx/GkM2lLI8OD2yylishrKWIEb9I/Y6J3fyAYyf3S2HXvjG4RJIC
t0/phDZjxRs7FIW97zvSJC5yhlk3tcF5t2qrhpZ8ifek/0TUvar3bXGPripJ291N
YwXfgHNAAWDhiRf4tGHnh6+xn3p8oaFnsiqQpK55KCS/0i6R/fePckpVKHiK9Ptn
WjWisG2LVIyohqrOHRi1xT9VMhtUFcRNrMPp4ujNIrxKFMyRncSUiEtoDI4/dst1
3/WvRTKApr4kRH6sto0dQbLRozDTGZUJOT3vlkQUwrd3qbxuEiLDMfCaRSPSgDRp
pt3wC8t3LtHcPgFnw+ovMAebMJ50glkKh/hSA/ha+PNuuezPWYmGEIVtvwubm7Lu
HXxqQQ0WOW/eDLbxiH495911wgyIZvvt3x9fZZeBhrHS0iAgZ6YTVzV83bwLAoNn
0CgjFiWg+jl23CgpZKqv
=QovN
-----END PGP SIGNATURE-----

Usually such a measure is enough to detect any tampered file. So there is no reason indeed to distribute it over https.

[dree12]

@jl2012, @dree12, although I would not argue that the MITM problem has place, I would like to ask you, what kind of OS you are using? This is a rhetorical question. Let's assume that many people are using Windows and - even more - they are using IE. Everyone knows that it has many flaws and security problems. So the average user installs some antivirus protection on his computer. But even the up to date AV databases are not guarantee 100% defense. Some time a new breaches found by malicious users and they produce a new viruses that are not identified by the present AV tool-kits  for a while. Then let's imagine that one of these bad guys targets specifically at satoshidice and makes a virus that changes the content of the page displayed at client side, directly in the browser. Then it has no sense if the page have been received with http or with https. So, some times the use of https is an overkill that would lead to growing expenses at both sides - the content providers one and at the client as https ultimately disables any intermediate caching of the information transferred. The only way to protect yourself from unwanted financial loses is to double check the addresses you are sending your coins by all available means (browse blockchain, e.t.c), verify md5/sha1/sha256 check-sums and pgp-signatures usually attached to open source sw published in open repositories, e.t.c.

For example, the download page of the bitcoin-qt reference client has a clear link to the signed sha256sums of the currently available version:

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.5/SHA256SUMS.asc/view :

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

84543f10de5e82ce6e88dd5a501db37c6327edf79a2a04f29199c24843e71f63  bitcoin-0.8.5-linux.tar.gz
c583260f59a5e31ba8f819ed91b992423da6893095c6a910877451d01492625e  bitcoin-0.8.5-macosx.dmg
6f6b8fd68f56a8e700090267c53aa592b9c9e5c993f44c7be11ba9b87e1f92bb  bitcoin-0.8.5-win32-setup.exe
169161d7a3270e221952f65ff276c649c5818bb9fc10059fd00a531343194b75  bitcoin-0.8.5-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iQIcBAEBCAAGBQJSMlvWAAoJECnZ7msfxzDBwLsP/RMLxLW16uKFOl87fGDxuCj6
/4c6Z2xgTafb1qOGv9Jh89qfD2V0bmOq97ynrM9SwgW2A3qIYeEju2X3kP1cardM
Hs/mj6LkLuNxsJ65opDbVTPsfL3ztoakNv9v7Kw815/iALl4f7A+YpY1KxiTe+du
+qh14s1nG3I6VTyva6Z2zJbW9JDCvWcGWnbYtpRABszfWBic3/GL4+kjhn4Dj5ty
rHzClX2v8ARLqx/GkM2lLI8OD2yylishrKWIEb9I/Y6J3fyAYyf3S2HXvjG4RJIC
t0/phDZjxRs7FIW97zvSJC5yhlk3tcF5t2qrhpZ8ifek/0TUvar3bXGPripJ291N
YwXfgHNAAWDhiRf4tGHnh6+xn3p8oaFnsiqQpK55KCS/0i6R/fePckpVKHiK9Ptn
WjWisG2LVIyohqrOHRi1xT9VMhtUFcRNrMPp4ujNIrxKFMyRncSUiEtoDI4/dst1
3/WvRTKApr4kRH6sto0dQbLRozDTGZUJOT3vlkQUwrd3qbxuEiLDMfCaRSPSgDRp
pt3wC8t3LtHcPgFnw+ovMAebMJ50glkKh/hSA/ha+PNuuezPWYmGEIVtvwubm7Lu
HXxqQQ0WOW/eDLbxiH495911wgyIZvvt3x9fZZeBhrHS0iAgZ6YTVzV83bwLAoNn
0CgjFiWg+jl23CgpZKqv
=QovN
-----END PGP SIGNATURE-----

Usually such a measure is enough to detect any tampered file. So there is no reason indeed to distribute it over https.

If your computer is compromised, it's the end of the world already.

I'm serious here. A virus that can modify webpages clientside can also break md5/sh1/sha256 checksum executables. It can corrupt your GPG executable. A virus can do anything.

This doesn't mean HTTPS is useless. Any virus that can break HTTPS security can break GPG security too.

[bee7]

Yes, you are right, that you cant't be sure if your computers security has been compromised. But also it is not possible to "virtualize" the whole internet. If the attack is targeted specifically at you, and thus, it is conducted under a human control, then with some extent of probability that human would succeed to make you believe your eyes. But "regular" viruses would fail to make your reality completely virtual.

[jl2012]

bitcoin.org is hosted on GitHub, which doesn't support HTTPS.

For example, the Chinese government is notorious for DNS hijacking.

The Chinese government also controls several certificate authorities, so they can bypass HTTPS anyway.

Okay, do you want to argue that https is useless and we should abandon it?

Using https may not help us to defend against governmental attack, but it definitely makes hackers' life much harder.

[bee7]

bitcoin.org is hosted on GitHub, which doesn't support HTTPS.

For example, the Chinese government is notorious for DNS hijacking.

The Chinese government also controls several certificate authorities, so they can bypass HTTPS anyway.

Okay, do you want to argue that https is useless and we should abandon it?

Using https may not help us to defend against governmental attack, but it definitely makes hackers' life much harder.

sorry, I did not got who did you ask your question, so here is my response:

https is not useless, ofc. You know, that it is possible to put the nail in place with microscope, but it is much more correct to do it with a hammer.
If the _static_ content to be verified could be verified offline using sha/pgp scheme then this approach should be used as it conserves resources. The Earth resources.
This is MHO.

[jl2012]

bitcoin.org is hosted on GitHub, which doesn't support HTTPS.

github is running on https

[jl2012]

@jl2012, @dree12, although I would not argue that the MITM problem has place, I would like to ask you, what kind of OS you are using? This is a rhetorical question. Let's assume that many people are using Windows and - even more - they are using IE. Everyone knows that it has many flaws and security problems. So the average user installs some antivirus protection on his computer. But even the up to date AV databases are not guarantee 100% defense. Some time a new breaches found by malicious users and they produce a new viruses that are not identified by the present AV tool-kits  for a while. Then let's imagine that one of these bad guys targets specifically at satoshidice and makes a virus that changes the content of the page displayed at client side, directly in the browser. Then it has no sense if the page have been received with http or with https. So, some times the use of https is an overkill that would lead to growing expenses at both sides - the content providers one and at the client as https ultimately disables any intermediate caching of the information transferred. The only way to protect yourself from unwanted financial loses is to double check the addresses you are sending your coins by all available means (browse blockchain, e.t.c), verify md5/sha1/sha256 check-sums and pgp-signatures usually attached to open source sw published in open repositories, e.t.c.

For example, the download page of the bitcoin-qt reference client has a clear link to the signed sha256sums of the currently available version:

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.5/SHA256SUMS.asc/view :

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

84543f10de5e82ce6e88dd5a501db37c6327edf79a2a04f29199c24843e71f63  bitcoin-0.8.5-linux.tar.gz
c583260f59a5e31ba8f819ed91b992423da6893095c6a910877451d01492625e  bitcoin-0.8.5-macosx.dmg
6f6b8fd68f56a8e700090267c53aa592b9c9e5c993f44c7be11ba9b87e1f92bb  bitcoin-0.8.5-win32-setup.exe
169161d7a3270e221952f65ff276c649c5818bb9fc10059fd00a531343194b75  bitcoin-0.8.5-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iQIcBAEBCAAGBQJSMlvWAAoJECnZ7msfxzDBwLsP/RMLxLW16uKFOl87fGDxuCj6
/4c6Z2xgTafb1qOGv9Jh89qfD2V0bmOq97ynrM9SwgW2A3qIYeEju2X3kP1cardM
Hs/mj6LkLuNxsJ65opDbVTPsfL3ztoakNv9v7Kw815/iALl4f7A+YpY1KxiTe+du
+qh14s1nG3I6VTyva6Z2zJbW9JDCvWcGWnbYtpRABszfWBic3/GL4+kjhn4Dj5ty
rHzClX2v8ARLqx/GkM2lLI8OD2yylishrKWIEb9I/Y6J3fyAYyf3S2HXvjG4RJIC
t0/phDZjxRs7FIW97zvSJC5yhlk3tcF5t2qrhpZ8ifek/0TUvar3bXGPripJ291N
YwXfgHNAAWDhiRf4tGHnh6+xn3p8oaFnsiqQpK55KCS/0i6R/fePckpVKHiK9Ptn
WjWisG2LVIyohqrOHRi1xT9VMhtUFcRNrMPp4ujNIrxKFMyRncSUiEtoDI4/dst1
3/WvRTKApr4kRH6sto0dQbLRozDTGZUJOT3vlkQUwrd3qbxuEiLDMfCaRSPSgDRp
pt3wC8t3LtHcPgFnw+ovMAebMJ50glkKh/hSA/ha+PNuuezPWYmGEIVtvwubm7Lu
HXxqQQ0WOW/eDLbxiH495911wgyIZvvt3x9fZZeBhrHS0iAgZ6YTVzV83bwLAoNn
0CgjFiWg+jl23CgpZKqv
=QovN
-----END PGP SIGNATURE-----

Usually such a measure is enough to detect any tampered file. So there is no reason indeed to distribute it over https.

So you are trying to verify an unprotected file with unprotected message on the same site? And how do we know the PGP public key is legit? It just doesn't make any sense.

The best way, of course, is to download, audit and compile the source code. But most users won't be able to do this.

[bee7]

So you are trying to verify an unprotected file with unprotected message on the same site? And how do it know the PGP public key is legit? It just doesn't make any sense.

The best way, of course, is to download, audit and compile the source code. But most users won't be able to do this.

The message is protected by the PGP signature, thus you have to believe that the PGP infrastructure is not broken. This way you may be sure that the file you downloaded has been crafted by the person who signed the message.

BTW, how do you believe that your bitcoin-qt (provided you inspected its source code) is not talking to the bot net which in turn aims to steal your bitcoins?

[jl2012]

So you are trying to verify an unprotected file with unprotected message on the same site? And how do it know the PGP public key is legit? It just doesn't make any sense.

The best way, of course, is to download, audit and compile the source code. But most users won't be able to do this.

The message is protected by the PGP signature, thus you have to believe that the PGP infrastructure is not broken. This way you may be sure that the file you downloaded has been crafted by the person who signed the message.

BTW, how do you believe that your bitcoin-qt (provided you inspected its source code) is not talking to the bot net which in turn aims to steal your bitcoins?

Most people, including me, are unable to audit the source code. I trust the people holding the bitcoin.org (ie. Gavin and other bitcoin devs) so I'm happy to use the binary (also with the fact that I believe some other people will try to compile and compare the binary). But how do I know the PGP public key is legit at the first place, if it is not linked to bitcoin.org in any way?

The bottom line, IMO, is to run bitcoin.org over https, and offer the binary hashes. The binary itself may be transmitted with http. A better way is to offer a torrent for the reference client (through https, of course).

[bee7]

Most people, including me, are unable to audit the source code. I trust the people holding the bitcoin.org (ie. Gavin and other bitcoin devs) so I'm happy to use the binary (also with the fact that I believe some other people will try to compile and compare the binary). But how do I know the PGP public key is legit at the first place, if it is not linked to bitcoin.org in any way?

The bottom line, IMO, is to run bitcoin.org over https, and offer the binary hashes. The binary itself may be transmitted with http. A better way is to offer a torrent for the reference client (through https, of course).

Then please read about PGP and check this page: all devs PGP keys are listed there

Edit: I updated the PGP description link to the more specific one, sorry for initial ambiguity

Edit2: bit-torrent protocol does not provide more security than http. It provides only stronger data integrity apart from possible higher download speed.

Edit3: The use of ssl/tls encrypted links between the nodes does not change the picture unless you have a Certificate Authority that issues certificates for each node in the network. This would kill the overall idea of the bitcoin network decentralization

[jl2012]

Most people, including me, are unable to audit the source code. I trust the people holding the bitcoin.org (ie. Gavin and other bitcoin devs) so I'm happy to use the binary (also with the fact that I believe some other people will try to compile and compare the binary). But how do I know the PGP public key is legit at the first place, if it is not linked to bitcoin.org in any way?

The bottom line, IMO, is to run bitcoin.org over https, and offer the binary hashes. The binary itself may be transmitted with http. A better way is to offer a torrent for the reference client (through https, of course).

Then please read about PGP and check this page: all devs PGP keys are listed there

Edit: I updated the PGP description link to the more specific one, sorry for initial ambiguity

I know how PGP works. But I don't personally know any of the devs so it is impossible for me to verify the authenticity of the keys, and I don't have a web-of-trust that would lead me to them.

[bee7]

I know how PGP works. But I don't personally know any of the devs so it is impossible for me to verify the authenticity of the keys, and I don't have a web-of-trust that would lead me to them.

You don't need to know them personally. If you don't believe the PGP public keys they posted on bitcoin.org site then you should not believe the correctness of the binary you could load over httpS using the link provided at bitcoin.org site. Then don't use bitcoins at all as you can't trust the whole system.

[jl2012]

I know how PGP works. But I don't personally know any of the devs so it is impossible for me to verify the authenticity of the keys, and I don't have a web-of-trust that would lead me to them.

You don't need to know them personally. If you don't believe the PGP public keys they posted on bitcoin.org site then you should not believe the correctness of the binary you could load over httpS using the link provided at bitcoin.org site. Then don't use bitcoins at all as you can't trust the whole system.

How do I know "they" are THE THEY I trust? You are begging the question. With https at least some so-called "professional CA" have audited the authenticity of the identity.

[bee7]

How do I know "they" are THE THEY I trust? You are begging the question. With https at least some so-called "professional CA" have audited the authenticity of the identity.

The CA infrastructure only confirms that you got connected to the authentic site by its name and then the connection is got encrypted. The CA does not provide the authenticity of the information published on the site. Apart from CA there is the ISP hosting the bitcoin.org site that you have to trust a priori. The cryptographic algorithms behind the PGP are as strong as in any other area covered by our discussion. If you feel uncomfortable to trust all this, then you should not trust bitcoin sha256 PoW. Thus you should convert all your btc to fiat and quit.

I am sorry I have nothing to add.

[theymos]

github is running on https

It doesn't support HTTPS for hosted sites, though.

[jl2012]

How do I know "they" are THE THEY I trust? You are begging the question. With https at least some so-called "professional CA" have audited the authenticity of the identity.

The CA infrastructure only confirms that you got connected to the authentic site by its name and then the connection is got encrypted. The CA does not provide the authenticity of the information published on the site. Apart from CA there is the ISP hosting the bitcoin.org site that you have to trust a priori. The cryptographic algorithms behind the PGP are as strong as in any other area covered by our discussion. If you feel uncomfortable to trust all this, then you should not trust bitcoin sha256 PoW. Thus you should convert all your btc to fiat and quit.

I am sorry I have nothing to add.

I don't know why you mention cryptographic algorithms of PGP here. All educated bitcoin users assume it is reasonably secure.

The only problem here is I can't verify the key. Anyone between me and the server can send me a fake key, and DNS hijack may direct me to another site. If the key is hosted on a https site, at least I know that the key is provided by the legit holder of bitcoin.org, assuming that all trusted CAs are not compromised, and the server itself is not compromised. (EDIT: also my computer is not compromised)

Isn't this exactly the reason why the send-to-ip-address function in the very original Satoshi client was obsoleted? And now we are reviving it, relying on CA cert?