Bitcoin Forum
Topic: SSL again
casascius
Mike Caldwell
March 14, 2011, 05:46:29 AM
 #1

SSL is still self-signed

This is a public credibility problem

I'm not looking to hear again that self signed certificates are better, more secure, or any conspiracy theories from CAs, or that the public should configure their browsers to trust them. I'm looking to repeat a reminder that having users' browsers display security warnings is a way of fostering mistrust and is a pretty ironic observation for a project that asks people to trust their money to cryptography.

How many months in a row must this issue be brought up before something can be done about it?

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
grondilu
March 14, 2011, 06:16:17 AM
 #2

I don't know much about certificates, so correct me if I'm wrong, but:

Basically with a self-signed certificate you just have to accept it the first time you connect to the website, and then, if later I'm being warned that the certificate is not the same anymore, then I can suspect there has been something smelly, and ask around about it.

To me that sounds pretty much as good as relying on a third party "certificate authority".
kseistrup
March 14, 2011, 06:35:44 AM
 #3

> Basically with a self-signed certificate you just have to accept it the first time you connect to the website, and then, if later I'm being warned that the certificate is not the same anymore, then I can suspect there has been something smelly, and ask around about it.

In Chrome on Linux you have to accept it the first time, and Chrome will remember it until you shut down the browser.  Next time you open the browser you'll have to accept it again.

I think going for a CAcert or a StartSSL certificate is a good idea.

Cheers,

Klaus Alexander Seistrup
http://about.me/kseistrup
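
Added example, not part of any post in this thread: a small model of the accept-once-then-compare behaviour grondilu describes, and of kseistrup's observation that a browser which forgets the exception at shutdown treats every new session as a first use. The `PinStore` class, the host name and the byte strings standing in for certificates are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate bytes."""
    return hashlib.sha256(der_cert).hexdigest()

class PinStore:
    """Trust-on-first-use store. path=None models a browser that
    forgets accepted certificates when it is shut down."""
    def __init__(self, path=None):
        self.path = path
        self.pins = {}
        if path and os.path.exists(path):
            with open(path) as fh:
                self.pins = json.load(fh)

    def check(self, host: str, der_cert: bytes) -> str:
        seen = fingerprint(der_cert)
        known = self.pins.get(host)
        if known is None:
            # First contact: nothing to compare against, so this
            # acceptance is not authenticated by anything.
            self.pins[host] = seen
            if self.path:
                with open(self.path, "w") as fh:
                    json.dump(self.pins, fh)
            return "first-use"
        return "match" if known == seen else "CHANGED"

def demo() -> dict:
    # Constructed byte strings standing in for two DER certificates.
    site_cert = b"constructed: forum self-signed certificate"
    other_cert = b"constructed: different certificate, same host"
    host = "forum.example"  # hypothetical host name
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pins.json")
        PinStore(path).check(host, site_cert)          # session 1: accept
        results["persistent_restart"] = PinStore(path).check(host, other_cert)
    session = PinStore()                               # in-memory only
    session.check(host, site_cert)
    results["same_session"] = session.check(host, other_cert)
    # After a restart the in-memory pin is gone: the changed
    # certificate looks like an ordinary first visit.
    results["forgetful_restart"] = PinStore().check(host, other_cert)
    return results

if __name__ == "__main__":
    print(demo())
```

A legitimate certificate renewal also reports `CHANGED`, so the result only tells the user to verify out of band, as the post above suggests. For a live host the DER bytes can be obtained with `ssl.get_server_certificate` followed by `ssl.PEM_cert_to_DER_cert`.
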
JollyGreen
March 14, 2011, 06:42:09 AM
 #4


> To me that sounds pretty much as good as relying on a third party "certificate authority".

I agree it is basically the same, but the latter doesn't scare people with a warning. I think enough people would pitch in for the SSL cost to make the issue go away, if money is the only problem. I'm not aware of the past history of this request though.

Want to donate?
1H6WepEWuJkicvfki8PSrEaT8SUnUHAJKs
caveden
March 14, 2011, 08:44:24 AM
 #5

HTTPS is not default here. To have it, you need to explicitly ask for it. People who don't even know what a certificate is would just remain in HTTP.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
JollyGreen
March 14, 2011, 09:19:44 AM
 #6

> HTTPS is not default here. To have it, you need to explicitly ask for it. People who don't even know what a certificate is would just remain in HTTP.

Ha, ok, I just realized that, so what are the advantages to SSL for this site? I don't log in to access secure info, so I'm not that worried, what are others' concerns?

Want to donate?
1H6WepEWuJkicvfki8PSrEaT8SUnUHAJKs