Author

Topic: No HTTPS (Read 1506 times)

hero member
Activity: 812
Merit: 1022
No Maps for These Territories
June 13, 2011, 08:59:02 AM
#9
Since the forums seem to support HTTPS, the link from http://bitcoin.org (http://bitcointalk.org/
) should be changed to use HTTPS by default.
+1

The reason that the link is still http is afaik because we used to have a self-signed certificate. This is fixed now, however.

Forum should be HTTPS by default. Preferably, HTTP should be disabled completely, and cookies should be set to secure (SSL-only).
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
June 12, 2011, 12:16:14 PM
#8
Good to know. (I found this thread by actually using the "search" function)

HTTPS provides authentication (through the use of certificates) as well as encryption. Of course, if you don't trust organizations like VeriSign, you need and out-of-band method for communicating the public key.

Since the forums seem to support HTTPS, the link from http://bitcoin.org (http://bitcointalk.org/
) should be changed to use HTTPS by default. Until about 2 months ago, I did not understand the need for ubiquitous encryption; even of publicly available information. Then I read this:
Quote
Advertising-UNISERVE shall have the right, without notice, to insert advertising data into the Internet browser used by a UNSERVE customer, and transferred to a UNISERVE customer over UNISERVE’s network, so long as this does not involve UNISERVE transmitting any personal information of the customer to whom such data is sent in contravention of the UNISERVE Privacy Commitment;
- Section 27e, My ISP's Updated Terms of service.

PS: I don't use HTTPS everywhere because I leave Scripting disabled most the time.
PPS: I know my website does not support encryption. My webshost wants $200/year for a certificate.
legendary
Activity: 1222
Merit: 1016
Live and Let Live
May 22, 2011, 12:14:51 PM
#7
updated https everywhere rule-set that redirects the old https forum links: http://www.bitcoinservice.co.uk/files/875
sr. member
Activity: 429
Merit: 1002
May 22, 2011, 09:57:42 AM
#6
Bitcoin.org is on sf.net and they don't support https.
sr. member
Activity: 429
Merit: 1002
May 22, 2011, 09:45:52 AM
#5
We have a StartSSL certificate now.
legendary
Activity: 860
Merit: 1026
May 20, 2011, 10:52:56 AM
#4
yep, https isn't working on the main site anymore, but it still works on forum.bitcoin.org
newbie
Activity: 42
Merit: 0
May 20, 2011, 02:47:41 AM
#3
HTTPS is broken. This coupled with reports of irregular IP addresses makes me wonder if somebody may be currently intercepting login credentials for this site.
same issues and same concern.
can anyone[preferably forum admin]post authentic IP-adress ? there and somewhere tamper-proof[I2P ?]
hero member
Activity: 566
Merit: 500
Unselfish actions pay back better
May 17, 2011, 04:08:52 PM
#2

HTTPS is broken. This coupled with reports of irregular IP addresses makes me wonder if somebody may be currently intercepting login credentials for this site.

+1
newbie
Activity: 2
Merit: 0
May 17, 2011, 04:02:36 PM
#1
HTTPS is broken. This coupled with reports of irregular IP addresses makes me wonder if somebody may be currently intercepting login credentials for this site.
Jump to: