On 2011 December 19 Monday, Jorge Timón wrote: > Ok, so HTTP is not an option unless it shows a huge warning. I don't > know the HTTPS possible attack, but maybe it needs a warning message > too, from what you people are saying. Although using namecoin to
The problems with HTTPS have been social rather than technical. Multiple CAs have been strong-armed by governments or tricked into issuing fake certificates by scammers. There is no technical measure around that. By using the CA certificate we are saying to the system "here is someone I trust to issue a certificate". So far, with a large number of CAs, that trust is misplaced. I'm of the opinion though that this problem is outside the remit of bitcoin to solve. Perhaps we should be more strict about which CA certificates are trusted by the bitcoin client: say restrict it to those who have demonstrably good practices for verifying identity; rather than the ridiculous amount of trust that comes pre-installed for me in my browser. Andy -- Dr Andy Parkins andypark...@gmail.com
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure
_______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
