đź“… Original date posted:2013-12-08
đź“ť Original message:On 8 December 2013 19:25, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On Sun, Dec 8, 2013 at 11:16 AM, Drak <drak at zikula.org> wrote:
> > BGP redirection is a reality and can be exploited without much
>
> You're managing to argue against SSL. Because it actually provides
> basically protection against an attacker who can actively intercept
> traffic to the server. Against that threat model SSL is clearly— based
> on your comments— providing a false sense of security.
Let me clarify. SSL renders BGP redirection useless because the browser
holds the signatures of CA's it trusts: an attacker cannot spoof a
certificate because it needs to be signed by a trusted CA: that's the point
of SSL, it encrypts and proves identity, the latter part is what thwarts
MITM. If there was an MITM the browser screams pretty loudly about it with
a big threat warning interstitial.
Regards,
Drak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131208/9e49620a/attachment.html>;
Drak [ARCHIVE] /
npub12r…3aqxc
2023-06-07 17:10:31
in reply to nevent1q…tk5p
Author Public Key
npub12rkw0jajmsck4uwdtksdvtswrlkypusfryjzera7m4fhqta6jhdsz3aqxcSeen on
wss://relay.noswhere.comPublished at
2023-06-07 17:10:31Event JSON
{
"id": "a238d2a49ee6ac90069035a30f1516c09d516ad3f5cc8fede787f81364366519",
"pubkey": "50ece7cbb2dc316af1cd5da0d62e0e1fec40f20919242c8fbedd53702fba95db",
"created_at": 1686150631,
"kind": 1,
"tags": [
[
"e",
"d517aa463a22abef5f03468f652eeefb44676da99926537d88111078c3e0468b",
"",
"root"
],
[
"e",
"f644f24a8215211d085b4df6cf06a9d4828ae470c968cb3b14e6db90a7b09522",
"",
"reply"
],
[
"p",
"1c61d995949cbfaf14f767784e166bde865c7b8783d7aa3bf0a1d014b70c0069"
]
],
"content": "📅 Original date posted:2013-12-08\n📝 Original message:On 8 December 2013 19:25, Gregory Maxwell \u003cgmaxwell at gmail.com\u003e wrote:\n\n\u003e On Sun, Dec 8, 2013 at 11:16 AM, Drak \u003cdrak at zikula.org\u003e wrote:\n\u003e \u003e BGP redirection is a reality and can be exploited without much\n\u003e\n\u003e You're managing to argue against SSL. Because it actually provides\n\u003e basically protection against an attacker who can actively intercept\n\u003e traffic to the server. Against that threat model SSL is clearly— based\n\u003e on your comments— providing a false sense of security.\n\n\nLet me clarify. SSL renders BGP redirection useless because the browser\nholds the signatures of CA's it trusts: an attacker cannot spoof a\ncertificate because it needs to be signed by a trusted CA: that's the point\nof SSL, it encrypts and proves identity, the latter part is what thwarts\nMITM. If there was an MITM the browser screams pretty loudly about it with\na big threat warning interstitial.\n\nRegards,\n\nDrak\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131208/9e49620a/attachment.html\u003e",
"sig": "336561f9c920ccdf67bb32403ae7d71eb1dc853d8d8bef42b4ca732458176c7d592af55a890e818d4a64c06d1df397544cce75a525ec136ccf098eac039e7404"
}