Hi Nxt community,
I am going to step out on a limb here a little. Let's say you have a safe in your house (Curve 25519 encryption algorithm) and do not have a lock on the front door to your house (HTTP). Even though you have a really awesome safe, you still don't really want everyone who wants to, just wandering around your house.
All modern high security online facilities use a double lock security mechanism. The first lock is the HTTPS secured by a CA. The second lock(s) are the user passwords (names/passwords). Banks, schools, governments, etc. all use SSL connections. In the case of the need to remain anonymous, some nodes can be their own CA and issue their own certificates.
At the end of the day, when the rubber hits the road and the crypto becomes fiat, trusted (known) Nxt gateways that are in AML/KYC compliance will have HTTPS (SSL issued by a root CA). Would you enter your credit card number into a browser window requesting payment details that is NOT displaying the "Lock" icon? If your answer is YES to this question, then some serious study into network security is in order. All information transmitted over HTTP is the equivalent of talking on what used to be known as "the party line" to our grandparents. At least over HTTPS, only the NSA and GCHQ can peer into RSA; everyone else stays out of your house, for now.
Please be your own CA for now if that is what it takes for Nxt to "lock the front door". If anyone thinks I have my interpretation of network security all wrong, let me know. Otherwise, I think the competent and trusted network VPS operators need to take the steps required to make this a reality. Will the network run slower? Yes. Will there be more coding work required to the Nxt core? Yes. Will it cost money? Yes. Is it worth it? I think it is and so do at least a couple other Nxt community members.
Sincerely,
Brian Snyder
If the infrastructure committee pays for half, I will authorize NXTcommunityfund to pay for the other half of the SSL cost. Maybe it is more of a marketing thing, but I think there is also technical merit to avoid plaintext transmissions, especially for NXTmixer and NXTcash usage.
James
P.S. If the infrastructure committee doesn't want to pay anything, I will authorize NXTcommunityfund to pay for all of it. Just make sure that we are getting the right type of certificate. Ideally we can use this certificate for all the public nodes we are paying for?