DublinBrian
|
|
July 22, 2012, 08:15:40 PM |
|
how does one know they can trust the 'network notary' server? Because the user chooses that notary themselves.
|
|
|
|
sadpandatech
|
|
July 22, 2012, 08:21:10 PM |
|
how does one know they can trust the 'network notary' server? Because the user chooses that notary themselves. yea, that does not quite cut it though. It's not like choosing your partner or something that you know all about. How is the list made to choose from? What verifies that the list is trustworthy natoaries? I'd assume this service decides that list, and if so does not do anything to reduce any trust issues with just using the standard CA's. It instead would increase trust issues unless there is some really indepth method for listing trusted notaries.
|
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
|
|
|
niko
|
|
July 22, 2012, 09:52:08 PM |
|
So, does anyone know why the certificate was revoked by verisign? It seems like this caught dwolla by surprise.
|
They're there, in their room. Your mining rig is on fire, yet you're very calm.
|
|
|
MagicalTux
VIP
Hero Member
Offline
Activity: 608
Merit: 501
-
|
|
July 23, 2012, 01:05:14 AM |
|
Just a note, it seems that Dwolla switched to GoDaddy (known to be more trustworthy than Verisign?). Dwolla, before: Dwolla, after:
|
|
|
|
check_status
Full Member
Offline
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
|
|
July 23, 2012, 01:24:09 AM |
|
Who owns GoDaddy?
|
For Bitcoin to be a true global currency the value of BTC needs always to rise. If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76. P2Pool Server List | How To's and Guides Mega List | 1 EndfedSryGUZK9sPrdvxHntYzv2EBexGA
|
|
|
EnergyVampire
|
|
July 23, 2012, 01:45:03 AM |
|
Who owns GoDaddy?
According to Wikipedia it's owned by KKR, Silver Lake Partners and Technology Crossover Ventures.
|
|
|
|
check_status
Full Member
Offline
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
|
|
July 23, 2012, 02:00:30 AM |
|
That explains how stuxnet got into Iran. A Massad agent is CEO of 3 domain name registration companies, GoDaddy is just one.
This change in domains smells like manipulation/backroom deal shennanigans.
|
For Bitcoin to be a true global currency the value of BTC needs always to rise. If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76. P2Pool Server List | How To's and Guides Mega List | 1 EndfedSryGUZK9sPrdvxHntYzv2EBexGA
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
August 01, 2012, 01:36:31 AM |
|
Bumping this with the text of an email that I sent them via their contact submission form, as follows: I would like to know what's going on with your SSL certificate. The following statement is made at this link: http://help.dwolla.com/customer/portal/articles/86685-security-partner-overview"VeriSign EV Certificate and Encryption Extended Validation SSL Certificates give high-security web browsers information to clearly identify a web site’s organizational identity. VeriSign is an industry leading EV solution provider. Our certificate provides a 128-bit minimum to 256-bit encryption." but you are actually using a cheap Godaddy certificate. I see that one or more EV certificates from Verisign have been revoked.... Have you had a security incident that you should have warned customers about? Certificates don't just get revoked without a damn good reason, and I feel that this is something extremely important that you need to address. The only public communication that I have been able to find in regards to this issue is a single Twitter message that says the following: "@dwolla Working with our partners at @verisign and @symantec to look into a certificate issue some of our users are reporting. Still secure." but absolutely no communication after that message, posted on the 21st of July, 2012, 10 days ago. I would appreciate your prompt response in regards to this matter so that I can be assured of your continued security and the security of any data about me that you have stored there. Thank you and regards, It's been 10 days since this incident, with nothing more said.
|
|
|
|
notme
Legendary
Offline
Activity: 1904
Merit: 1002
|
|
August 01, 2012, 01:43:13 AM |
|
I quit using them months ago. Still glad I did. I hope this doesn't turn nasty for anyone exposed.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
August 01, 2012, 05:08:29 PM |
|
They responded with this: Dwolla’s SSL certificate had a minor issue. The SSL certificate was purchased for one year, however, was given a two-year expiration date. This is part of our routine monitoring.
Dwolla realized this error and migrated the certificate to another vendor as an interim solution. Dwolla will revert to our old SSL vendor, a two-year, paid certificate, later this week.
So Verisign issued a 2 year cert, even though Dwolla only paid for one? That's odd, wonder if it was actually the other way around.
|
|
|
|
niko
|
|
August 01, 2012, 08:27:21 PM |
|
They responded with this: Dwolla’s SSL certificate had a minor issue. The SSL certificate was purchased for one year, however, was given a two-year expiration date. This is part of our routine monitoring.
Dwolla realized this error and migrated the certificate to another vendor as an interim solution. Dwolla will revert to our old SSL vendor, a two-year, paid certificate, later this week.
So Verisign issued a 2 year cert, even though Dwolla only paid for one? That's odd, wonder if it was actually the other way around. See what Tux posted above. It was issued with a two-year validity. Apparently they revoke it if you miss a payment.
|
They're there, in their room. Your mining rig is on fire, yet you're very calm.
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
August 01, 2012, 08:30:58 PM |
|
Apparently they revoke it if you miss a payment.
Interesting, most CAs that I have met require a payment for the full validity period, but maybe Verisign has a payment plan because they are so damn expensive for EV certs. Also, epic fail not paying bills.
|
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
August 01, 2012, 09:47:45 PM |
|
Apparently they revoke it if you miss a payment.
Interesting, most CAs that I have met require a payment for the full validity period, but maybe Verisign has a payment plan because they are so damn expensive for EV certs. Also, epic fail not paying bills. A bank not paying their bills? Wow! Good thing I am going with direct ACH payments when I can!
|
|
|
|
|