On 2011 December 16 Friday, Rick Wesson wrote: > I believe that any URI scheme will still leverage DNS and inherit any > base issues you would have with TXT records. I suggest looking at DANE
HTTPS takes care of that. > and reviewing their work on hardening certificate (x.509) > infrastructure as your HTTPS scheme will inherit the issues we > currently experience with CAs getting p0wned. This is the only real problem with HTTPS: we would be centralising part of our otherwise decentralised system. CAs are certainly a risk. However, trust is needed somewhere in the communication. There is no way to securely communicate between A and B without the use of some previously trusted secure channel -- in Joe Sixpack's case it's by assuming that the browser he downloaded came with an untainted CA list, and that the CAs are trustworthy. Neither of which is guaranteed. Until and unless we get PGP support in browsers, CAs are all that we have. Worrying about CAs misses the point anyway; if we're being that paranoid -- how did A tell B the appropriate alias to use for a lookup? Was that channel secure too? I could set up a MITM server that simply looks for the alias "rickwes...@bitcoinaliases.org" and rewrites it to "andypark...@bitcoinaliases.org". When the answer to that problem is HTTPS (or some other system that requires a previously authorised secure channel for transfer of trust), then we're back where we started, and HTTPS is acceptable. Andy -- Dr Andy Parkins andypark...@gmail.com
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure
_______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
