On Sun, Mar 3, 2013 at 10:54 AM, Roy Badami <r...@gnomon.org.uk> wrote: > Would be nice to have a secure page at bitcoin.org, though, rathar > than having to go to github - certs from somewhere like Namecheap > should cost you next to nothing. For those of us too lazy (not > paranoid enough) to bother with GPG, a (secure) page on bitoin.org > with the MD5 hashes of the binaries would be awesome...
While I think that it's silly that we don't have a HTTPS (only!) page, it should be noted that an HTTPS page is in no way a replacement for GPG, sadly: Anyone who can MITM the server to the whole internet can trivially obtain a fraudulent cert with only moderate cost and time. (The reason for this is that (many? most? all?) CAs verify authority by having you place a file at some HTTP path on the domain in question. Effectively the current CA model only prevents those from intercepting who cannot intercept the traffic generally. Basically only helps with the evil hotspot/tor_exit problem.) ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
