Author

Topic: Re: [WARNING] Bitcoinica Claims Process is insecure (Read 1394 times)

full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
Me: I heard the Convergence project is no longer being developed, Is this true?
Moxie Marlinspike: Convergence is still being developed, although the core
feature set is pretty stable now.
Me: Should anyone run a notary?
Moxie Marlinspike: Anyone can run a notary, and anyone is free to use that notary if they trust the organization.
Me: Who would be your ideal candidate for running a notary?
Moxie Marlinspike: Ideally, organizations that can dedicate the resources to running HA notaries are preferred.
sr. member
Activity: 350
Merit: 250
I'm pretty sure it's still being actively maintained, can always ask moxie or 0day charlie of thoughtcrime labs on twitter if they're still involved, they always reply

full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
Well Convergence is accepting Contributions via Bitcoin and via Bit-Pay.
There were active donations sent April through May of 2012.
15TUpE7Qtehxzrx2gMdE6jbHdQa42Edk4G



administrator
Activity: 5222
Merit: 13032
The only problem with Perspectives is they only authenticate the first connection, other stuff on the website, pics, forms are still vulnerable. Have you thought about using Convergence instead? http://convergence.io/

I've heard that Convergence is no longer being actively developed.
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
Quote from: Theymos
I use the Certificate Patrol and Perspectives Firefox extensions. I've also disabled most of the CAs in Firefox, though Firefox's handling of invalid certificates is pretty bad, so I don't recommend doing this unless you're paranoid.
(If this is OffTopic, let me know. Smiley )
The only problem with Perspectives is they only authenticate the first connection, other stuff on the website, pics, forms are still vulnerable. Have you thought about using Convergence instead? http://convergence.io/
administrator
Activity: 5222
Merit: 13032
Tell me what isn't a lost cause then. Please.

I use the Certificate Patrol and Perspectives Firefox extensions. I've also disabled most of the CAs in Firefox, though Firefox's handling of invalid certificates is pretty bad, so I don't recommend doing this unless you're paranoid.
full member
Activity: 140
Merit: 100
It has been compromised in the past, so it likely will again in the future. You should simply just not use StartCom, especially after you've been hacked yourself. StartCom should have been completely blacklisted in browsers.

Comodo, USER-TRUST, and even Verisign have also been compromised in the past, and there's no chance that they'll be removed from browsers because they're so popular. Lots of governments also have their own probably-insecure CAs which are accepted by all browsers. The CA system is a lost cause.

Tell me what isn't a lost cause then. Please.
Jump to: