This is very bad...

[nster]

Is an SSL certificate really worth signing? The fact that such a thing needs to be paid for is even more laughable.

this is a 5 MILLION $ economy, if we are stupid enough to not pay 120$ to potential do A LOT of good to bitcoins, well....

A lot of good? What? To soothe the ones who don't want to go through the trouble of adding a self-signed certificate? Heh.

more bitcoin users and miners in the long run = +++++++++++++++++++++++ in my books, specially at the low cost of a SSL cert

in the long run, it will turn away many potential miners and bitcoin traders, and we will lose much more than what the SSL cert is worth. DO NOT OVERESTIMATE THE PEOPLE OF THE INTERWEBZ




Do you not get that people sometimes get a big red DONT TRUST THIS SITE from their browsers? they trust their browsers, not some random site they probably went to see if they could make $$ with their GPU (which sounds a bit doubtful to the normal person)

[theymos]

HTTPS isn't the default. No one should be ending up there unless they already know what they're doing.

[­­Atlas]

Well, the slower the Bitcoin economy grows, the better. I still need time to purchase more Bitcoins.

[bitcoinex]

NOD32 detects new heur_pe in Bitcoin

Anybody can check this issue for new bitcoin versions?

And about SSL

[spenvo]

@Theymos - You're right, bitcoin.org does not point to https by default.

When I first learned about Bitcoin a couple of months ago, it was pointing to https for some reason and Chrome had it's warning/block all up in my face.  That was my first impression of Bitcoin 

[Jered Kenna (TradeHill)]

I agree 100% about not underestimating the average person's lack of computer knowledge and ability to freak out if their browser says it's bad. We see a lot of this as simple but even the least knowledgeable person on these forums is way above average.
Think about the type of people who use their CD tray for a cup holder when you're trying to decide if they'll get scared not if they know how SSL works.

[casascius]

HTTPS isn't the default. No one should be ending up there unless they already know what they're doing.

If no one should be ending up there, how come everybody knows this is a problem?

I have been griping about this for MONTHS.  I have already pledged BTC for the purchase of the certificate.  The "people should just trust the self-signed certificate" and "CA's are just fronts for the FBI and give your private key to the feds" myths have been debunked repeatedly.  When oh when can we just get this fixed?

[ryepdx]

I'll pitch in some money to get our certificate signed. It really doesn't look good if every browser that stumbles across our https address flashes warnings at the user.

this is a 5 MILLION $ economy, if we are stupid enough to not pay 120$ to potential do A LOT of good to bitcoins, well....

Where'd you get the $120 figure? I just did a quick check and saw that VeriSign's cheapest option is $399 a year.

[nster]

I'll pitch in some money to get our certificate signed. It really doesn't look good if every browser that stumbles across our https address flashes warnings at the user.

this is a 5 MILLION $ economy, if we are stupid enough to not pay 120$ to potential do A LOT of good to bitcoins, well....

Where'd you get the $120 figure? I just did a quick check and saw that VeriSign's cheapest option is $399 a year.

spento said that but wtv, 400$ isn't much in a 5M$ economy that is growing

I mean, about a dollar a day XD

[spenvo]

@ryepdx - The $120 figure came as I remembered having to purchase one on the cheap about a year ago.

Heh, so Godaddy's (I know shoot me now) SSLs start at $49 - $99 - https://www.godaddy.com/ssl/ssl-certificates.aspx

And trust me Vlad, back when I was working with OpenBSD - I too signed my own SSLs because who wants to pay...  So long as the average user never gets directed to https and hit with that warning, I guess it's OK. ? 

[Jered Kenna (TradeHill)]

@ryepdx - The $120 figure came as I remembered having to purchase one on the cheap about a year ago.

Heh, so Godaddy's (I know shoot me now) SSLs start at $49 - $99 - https://www.godaddy.com/ssl/ssl-certificates.aspx

And trust me Vlad, back when I was working with OpenBSD - I too signed my own SSLs because who wants to pay...  So long as the average user never gets directed to https and hit with that warning, I guess it's OK. ? 

If $49 can take care of it then why not?

If bitcoin.org gets a lot more hits then I'm going to assume you'll get a lot going to HTTPS of course if it gets to the point it's really a concern $49 will be less significant than now.

[CCCMikey]

Who owns / runs the bitcoin.org website anyway? Would they be hiding for some reason?

[kiba]

Sirius runs the website.

[Gavin Andresen]

Sirius runs the website.

... and we're looking for volunteers.  See http://bitcointalk.org/index.php?topic=5052.0

Quick "why no proper SSL cert" :   because it never made it near the top of anybody's TODO list.  The task is:
 + Figure out where the bitcoin.org domain is registered and make sure the MX records/etc are pointing somewhere so verification emails from the certificate authority don't get lost.
 + buy the cert and jump through the 'verify you are who you say you are' hoops.
 + replace the self-signed cert on the web server

[Jered Kenna (TradeHill)]

Sirius runs the website.

... and we're looking for volunteers.  See http://bitcointalk.org/index.php?topic=5052.0

Quick "why no proper SSL cert" :   because it never made it near the top of anybody's TODO list.  The task is:
 + Figure out where the bitcoin.org domain is registered and make sure the MX records/etc are pointing somewhere so verification emails from the certificate authority don't get lost.
 + buy the cert and jump through the 'verify you are who you say you are' hoops.
 + replace the self-signed cert on the web server

Sirius pays for hosting and all that? Should we donate some for the SSL cert or is the money not really an issue?

[Ricochet]

HTTPS isn't the default. No one should be ending up there unless they already know what they're doing.

I've seen multiple people link to the HTTPS versions, so whenever I happen to click on that I get the Firefox warning. 

[caveden]

Sirius pays for hosting and all that? Should we donate some for the SSL cert or is the money not really an issue?

That's a question I've been asking. Who pays for this site?
There are no ads, no donation link, nothing. Somebody's contributing out of his own pocket...

[em3rgentOrdr]

I'm afraid that eventually someone will write a bitcoin virus.  It basically infects your computer, runs bitcoin miner, and sends any proceeds to the virus creator.  I don't want to give anyone ideas, though , but at least it would strengthen the network .

[CCCMikey]

Unless it could run a GPU miner it wouldn't be worth the effort And the people who have really good GPUs usually know what they're doing with their computers I think? Wouldn't they notice the extra heat and noise?

[em3rgentOrdr]

Unless it could run a GPU miner it wouldn't be worth the effort And the people who have really good GPUs usually know what they're doing with their computers I think? Wouldn't they notice the extra heat and noise?

Hard to say.  There are a lot of ignorant consumers out there who have no idea what's inside their computer.  A lot of people have really fancy cpus and graphics cards, but are totally unaware of it and then only use their computer to browse the internet...