Author

Topic: Why is bitcoin.org using a self-signed SSL certificate... (Read 3794 times)

member
Activity: 98
Merit: 13
And controlling the server you can control where those emails get delivered Wink

There are already MX records, though, which I believe would override the A record in mail delivery.

Correct... unless those MX servers die or become unreachable.

administrator
Activity: 5222
Merit: 13032
And controlling the server you can control where those emails get delivered Wink

There are already MX records, though, which I believe would override the A record in mail delivery.
legendary
Activity: 1358
Merit: 1002
Unfortunately, it must be [email protected], the email registered in 'whois' for bitcoin.org.

Startcom also lets you use [email protected].

And controlling the server you can control where those emails get delivered Wink
administrator
Activity: 5222
Merit: 13032
Unfortunately, it must be [email protected], the email registered in 'whois' for bitcoin.org.

Startcom also lets you use [email protected].
member
Activity: 98
Merit: 13
If Satoshi removed the MX records for the domain, Sirius could receive mail for bitcoin.org. That would probably be the easiest solution.

Unfortunately, it must be [email protected], the email registered in 'whois' for bitcoin.org.

administrator
Activity: 5222
Merit: 13032
If Satoshi removed the MX records for the domain, Sirius could receive mail for bitcoin.org. That would probably be the easiest solution.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
Can this please be addressed?

A site about a currency shouldn't have an amateur self-signed SSL certificate. It reeks fishy to new users.
member
Activity: 98
Merit: 13
We need satoshi to (a) acknowledge a single email, or (b) transfer bitcoin.org to Gavin or elsewhere.

Otherwise SSL is a non-starter.

vip
Activity: 608
Merit: 501
-
For info I got the ssl for the wiki (bitcoin.it) from startssl Smiley

I would recommend startssl for bitcoin.org too.
full member
Activity: 210
Merit: 100
Presale is live!
full member
Activity: 210
Merit: 100
Presale is live!
any of you able to access https://auth.startssl.com/ ?
newbie
Activity: 1
Merit: 0
Satoshi, if you are around could you please install a real certificate for https for bitcoin.org, or allow domain rights to someone who will help out in that regard?
Thanks!
-r
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
+1

A system like bitcoin which is based on strong cryptography cannot afford not having a certificate accepted by most browsers.

Too bad this suggestion falls on deaf ears.  You'll soon hear that "nobody" uses HTTPS to connect to bitcoin.org anyway.  It's almost May, I started this thread in January and have brought it up about half a dozen times.
legendary
Activity: 1072
Merit: 1181
+1

A system like bitcoin which is based on strong cryptography cannot afford not having a certificate accepted by most browsers.
member
Activity: 69
Merit: 10
I don't have a problem with the self signing so much, but it would be nice if I could upload a Bitcoin CA certificate to my browser or use a signed Bitcoin gpg key for monkeysphere.  Does anyone know if these exist?
sr. member
Activity: 429
Merit: 1002
Satoshi owns the domain so this is up to him.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
but is best a strong self certificate than a free a insecure 128/256 bits certificate. the strong cetificate are 4096 bit and more.

This is nonsense - the free certificate is secure.   128/256 bits refers to the cipher (such as RC4) used on SSL and has nothing to do with the certificate itself.  The last certificate I got from StartSSL was for a 2048 bit key.

Standard procedure for generating SSL certs, they give you a certificate for YOUR key.  You decide the key size, not them.

You generate the key yourself (web server software can do this), give them the CSR (certificate signing request - which is a bunch of base64-encoded gibberish that contains only the public key), and they produce the certificate from that.

In requesting the certificate, the private key you generate is never divulged (it is never sent to the certificate authority or anyone else) and that is how you know it's secure, free or not.
sr. member
Activity: 493
Merit: 250
IDENA.IO - Proof-Of-Person Blockchain
but is best a strong self certificate than a free a insecure 128/256 bits certificate. the strong cetificate are 4096 bit and more.
hero member
Activity: 489
Merit: 505
+1 really disconcerting for new users
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
when anyone could just go to Startcom.org and get a SSL certificate recognized by all popular browsers for free?

startssl.com
Jump to: