Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Altcoin Discussion
Re: [NXT] NXTInfrastructure committee
by
opticalcarrier
on 13/03/2014, 14:34:12 UTC
Quote from: NxtMinnow on March 13, 2014, 12:37:14 AM
opticalcarrier, thank you for carrying the torch on the SSL issue.

As Marcus03 pointed out, "Technically, there is nothing that needs to be protected. The transaction data that is sent from clients to nodes, is the same data that is exchanged between nodes, which themselves do not uses SSL.
Or in other words, the beauty of the implementation lies in the fact that no trust is needed. It can't get any better. Putting SSL on top of it, for me just hides the beauty."

However, in the case of an NXT client operating from behind the firewall of a crypto (freedom) unfriendly nationstate, the mere fact that transactions are transmitted "in the clear" provides easy detection ability that a cryptocurrency transaction occurred. I know that if the primary goal was profit at the core operation level of the Nxt network, SSL would not be considered. The socio-political definitions of what is acceptable to particular jurisdictions is likely to change often in the coming years, and I think that providing maximum security and the ability to maintain plausible deniability to end users is a strategic advantage to Nxt.

The transaction may be secure by design and will succeed, but what good is that if the originator of the transaction runs afoul of misguided local crypto regulations? I don't know if this helps or not: https://www.cacert.org/

you make a really good point, and one that I had not even considered that I wish I had have included into my original proposal.  Much like BCNext's brainwallet provides plausible deniability, SSL would work alongside that for the same purpose.

And I do believe this will be temporary - maybe just for a year or 2 until SPs come along and provide the same functionality but on a basis where they are in the business to make $.  Then the SP will do their own cert.  But I am just running these VPSs to support NXT, not for profit, at least not anytime soon do I expect to be able to offer any kind of SP.

Another reason I want a domain wildcard cert is to be able to provide it to the wiki admin.  They REALLY NEED a valid SSL cert for their wiki, for login/editing purposes of the editors.  Consider that ideally, TOR is likely to be used by many people and if using tor, you REALLY NEED to be using SSL for pretty much everything you can - tor basically presents a MITM that could do attacks if you dont SSL your connection.