SSL again

casascius (OP)

Mike Caldwell
VIP
Legendary

Offline

Activity: 1386
Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

SSL again

March 14, 2011, 05:46:29 AM

SSL is still self-signed

This is a public credibility problem

I'm not looking to hear again that self signed certificates are better, more secure, or any conspiracy theories from CA's, or that the public should configure their browsers to trust them. I'm looking to repeat a reminder that having user's browsers display security warnings is a way of fostering mistrust and is a pretty ironic observation for a project that asks people to trust their money to cryptography.

How many months in a row must this issue be brought up before something can be done about it?

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.

grondilu

Legendary

Offline

Activity: 1288
Merit: 1080

Re: SSL again

March 14, 2011, 06:16:17 AM

I don't know much about certificates, so correct me if I'm wrong, but:

Basically with a self-signed certificate you just have to accept it the first time you connect to the website, and then, if later I'm being warned that the certificate is not the same anymore, then I can suspect there has been something smelly, and ask around about it.

To me that sounds pretty much as good as relying on a third party "certificate authority".

Check out my bitcoin bash library

kseistrup

Hero Member

Offline

Activity: 566
Merit: 500

Unselfish actions pay back better

Re: SSL again

March 14, 2011, 06:35:44 AM

Quote from: grondilu on March 14, 2011, 06:16:17 AM

Basically with a self-signed certificate you just have to accept it the first time you connect to the website, and then, if later I'm being warned that the certificate is not the same anymore, then I can suspect there has been something smelly, and ask around about it.

In Chrome on Linux you have to accept it the first time, and Chrome will remember it until you shut down the browser. Next time you open the browser you'll have to accept it again.

I think going for a CAcert or a StartSSL certificate is a good idea.

Cheers,

Klaus Alexander Seistrup

JollyGreen

Newbie

Offline

Activity: 42
Merit: 0

Re: SSL again

March 14, 2011, 06:42:09 AM

Quote from: grondilu on March 14, 2011, 06:16:17 AM

To me that sounds pretty much as good as relying on a third party "certificate authority".

I agree it is basically the same, but the later doesn't scare people with a warning. I think enough people would pitch in for the SSL cost to make the issue go away, if money is the only problem. I'm not aware of the past history of this request though.

caveden

Legendary

Offline

Activity: 1106
Merit: 1004

Re: SSL again

March 14, 2011, 08:44:24 AM

HTTPS is not default here. To have it, you need to explicit ask for it. People who don't even know what a certificate is would just remain in HTTP.

JollyGreen

Newbie

Offline

Activity: 42
Merit: 0

Re: SSL again

March 14, 2011, 09:19:44 AM

Quote from: caveden on March 14, 2011, 08:44:24 AM

HTTPS is not default here. To have it, you need to explicit ask for it. People who don't even know what a certificate is would just remain in HTTP.

Ha, ok, I just realized that, so what are the advantages to SSL for this site? I don't login to access secure info, so I'm not that worried, what are others concerns?

Pages: [1]

Bitcoin Forum > Bitcoin > Development & Technical Discussion > SSL again

« previous topic next topic »