
Topic: Feature request: HTTPS Bitcoin page containing signatures of downloadable files (Read 2112 times)

legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
The SHA-1 hashes are already listed on the front page, which can be accessed with HTTPS.

So I was talking like it wasn't done, and it worked all the time... Stupid me.
Closing thread.
administrator
Activity: 5222
Merit: 13032
I just had another revelation:

Signing binaries by Satoshi using PGP is no solution at all.
Why?
Because when Satoshi's public PGP key is available over HTTP, not HTTPS, governments/ISPs will still be able to change it on the fly using their proxies/filters.

This is a chicken-egg problem.

This is solved by the PGP web of trust. I'm sure many of us would sign Satoshi's key (which has already been public for a long time), but I think this is generally considered rude to do without permission.

The SHA-1 hashes are already listed on the front page, which can be accessed with HTTPS.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
I just had another revelation:

Signing binaries by Satoshi using PGP is no solution at all.
Why?
Because when Satoshi's public PGP key is available over HTTP, not HTTPS, governments/ISPs will still be able to change it on the fly using their proxies/filters.

This is a chicken-egg problem.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
Yes, but the releases should just be PGP signed by Satoshi. Then there's no chance of third-party contamination.

That's the problem right there. They should be.
So if they aren't yet, wouldn't it be like a 5 minute job for the site admin to add one static HTTPS page with signatures included?

I mean I'm proposing a quick working fix, and later when Satoshi signs all binaries himself, this will no longer be needed.
administrator
Activity: 5222
Merit: 13032
There are plugins for Firefox which alert you every time a certificate changes, just like in SSH.

I use it. And I removed most of my CAs.

Quote
And even if you're not using plugins, my proposition is much better than nothing, isn't it?

Yes, but the releases should just be PGP signed by Satoshi. Then there's no chance of third-party contamination.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
Relying on HTTPS allows every certificate authority and their sub-authorities to break the authentication, even though bitcoin.org is self-signed. HTTPS should not be used for important authentication problems.

There are plugins for Firefox which alert you every time a certificate changes, just like in SSH.
https://addons.mozilla.org/pl/firefox/addon/certificate-patrol/

And even if you're not using plugins, my proposition is much better than nothing, isn't it?

administrator
Activity: 5222
Merit: 13032
Relying on HTTPS allows every certificate authority and their sub-authorities to break the authentication, even though bitcoin.org is self-signed. HTTPS should not be used for important authentication problems.
sr. member
Activity: 350
Merit: 252
probiwon.com
I think source digitally signed by the authors of the code is better. And it already works fine in git. Gavin could put up tags with his signature, as Linus is already doing:

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.37.y.git;a=tag;h=refs/tags/v2.6.37

The average user does not need the source code - for him the program is built by a maintainer into packages. Software packages also have signatures; the format depends on your OS.

I have a deja vu - we've already discussed it
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
I have another proposition:

There should be a site, like https://www.bitcoin.org/signatures where there are SHA1/MD5/SHA256 signatures of every file that is available for download on bitcoin.org.
This way, there will be a 100% cracker-resistant way to know that one is downloading unmodified/unhacked files.

For now, the only way to know we have a "clean" bitcoin is to download the source, pull changes from github and review them yourself, which is probably not very good for starters/noobs.
After all, latest events concerning Facebook & Tunisia government, show that it's not very hard to imagine governments or ISPs modifying bitcoin binaries to place trojan horses in them.

What do you think? This shouldn't be very hard to do - I mean, how hard is it to set up a single static HTML page on HTTPS?
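A checker for a digest list like the one proposed in this thread, as an added example that is not part of the original posts. It only proves that a file matches the list, so the list itself still has to arrive over an authenticated channel (HTTPS or a PGP signature). The `sha256sum`-style line format, the file name `sample-release.tar.gz` and the policy of refusing entries that carry only MD5/SHA-1 digests are assumptions.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
WEAK = {"md5", "sha1"}  # practical collisions exist; accepted only on request

def parse_manifest(text):
    """Parse 'HEXDIGEST  FILENAME' lines (sha256sum style) into {name: [digests]}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")  # '*' = binary-mode marker
        if len(digest) not in ALGO_BY_HEX_LEN or set(digest) - set("0123456789abcdef") or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries.setdefault(name, []).append(digest)
    return entries

def file_digest(path, algo):
    """Hash the file in chunks so large downloads do not have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, manifest, allow_weak=False):
    """Return the strongest algorithm that matched; raise ValueError otherwise."""
    listed = manifest.get(os.path.basename(path), [])
    usable = [d for d in listed if allow_weak or ALGO_BY_HEX_LEN[len(d)] not in WEAK]
    if not usable:
        raise ValueError("no acceptable digest listed for this file")
    for d in usable:  # every acceptable digest listed for the file must match
        algo = ALGO_BY_HEX_LEN[len(d)]
        if not hmac.compare_digest(file_digest(path, algo), d):
            raise ValueError(f"{algo} mismatch for {path}")
    return ALGO_BY_HEX_LEN[max(map(len, usable))]

if __name__ == "__main__":
    # Constructed sample: a throwaway file and a one-line manifest built from it.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample-release.tar.gz")
        with open(path, "wb") as f:
            f.write(b"constructed sample payload\n")
        manifest = parse_manifest(f"{file_digest(path, 'sha256')}  sample-release.tar.gz\n")
        print(verify(path, manifest))
```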