Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Altcoin Discussion
Re: [NXT] NXTInfrastructure committee
by
EvilDave
on 18/03/2014, 18:34:00 UTC
The follow up SSL discussion, this time as to whether we need SSL on nxtcrypto,org to provide extra security for the wiki.

The text below was originally from PM:

Quote from: marcus03 on March 18, 2014, 03:01:55 PM
Hi!

Can we move this to the InfCom thread at https://bitcointalk.org/index.php?topic=506757 instead of a random list of pm recipients?

Cheers,
Marcus

Quote from: EvilDave on March 18, 2014, 02:53:07 PM
Ok, hold on a cotton-picking moment, guys.

We came to the conclusion that SSL wasn't necassary on the VPS, that TOR was a much better option.

I've had a look thru the Bitbucket again, and I cant find anything about  SSL and wiki-editing on nxtcrypto-org, apart from the title of this issue, which then goes on to be all about VPS:
https://bitbucket.org/nxtinfrastructure/committee/issue/20/ssl-certificate-for-nxtcryptoorg
Has this issue been discussed elsewhere?

The wiki-editing/SSL on nextcrypto seems like a valid concern, and is a seperate issue to the use of SSL on VPS.
I'm going to cc this PM to the rest of InfCom, see if we should open another issue on this and consider funding from the point of view of wiki protection.

So, don't give up yet, OC.

EvilDave.


Quote from: opticalcarrier on March 18, 2014, 01:46:19 PM
Joefox,

They rejected my request for SSL certs for the domain.  They are recommending use of TOR for the VPSs, which isnt a bad idea at all (I use tor for IP privacy) but for people who use TOR (like me)and log into the wiki for editing, SSL becomes a CRITICAL issue since the exit tor node sees all the traffic UNENCRYPTED.  So tor users who are also wiki editors when the wiki doesnt have good SSL leave a gaping security hole that we really need to plug.

W/O a real CA-signed cert the best we can do is, on the wiki, load the wildcard cert I created and signed with my own private self-signed cert.  But this will confuse the wiki editors as it will give security errors out to all wiki editors telling them that someone is doing something fishy with the connection,  unless they do the extra step of loading my private CA cert into their browser.  Get with me an I can provide both the wildcard cert for your wiki server as well as the private CA that we need to distribute out to all wiki editors.

-OC

Quote from: EvilDave on March 18, 2014, 01:24:38 AM
Optical:
After a lot of debate, InfCom has come to the conclusion that although SSL would help with the perception of security, it wouldn't add that much more actual security/privacy.

The concensus seems to be that we should concentrate on using NXT over TOR for added security.

So, in my role as InfCom spokesbeast: thats a "no" to your SSL funding request. Sorry.

U can see the decision-making process here:
https://bitbucket.org/nxtinfrastructure/committee/issue/30/public-api-nodes-could-support-ssl-for
Feel completely free to object if you like.


Good luck, keep up the good work,

EvilDave.
 

My first question, is nxtcrypto.org/SSL/wiki an InfCom issue ?