1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <robert@mckay.com>) id 1VpnLO-0000aI-4P
for bitcoin-development@lists.sourceforge.net;
Sun, 08 Dec 2013 23:00:58 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of mckay.com
designates 37.1.88.131 as permitted sender)
client-ip=37.1.88.131; envelope-from=robert@mckay.com;
helo=mail.mckay.com;
Received: from mail.mckay.com ([37.1.88.131])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.76) id 1VpnLJ-000645-N3
for bitcoin-development@lists.sourceforge.net;
Sun, 08 Dec 2013 23:00:58 +0000
Received: from www-data by mail.mckay.com with local (Exim 4.76)
(envelope-from <robert@mckay.com>)
id 1Vpmon-0007E5-PI; Sun, 08 Dec 2013 22:27:17 +0000
To: Gregory Maxwell <gmaxwell@gmail.com>
X-PHP-Originating-Script: 0:func.inc
MIME-Version: 1.0
Content-Type: text/plain;
charset=UTF-8;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Sun, 08 Dec 2013 22:27:17 +0000
From: Robert McKay <robert@mckay.com>
In-Reply-To: <CAAS2fgQ=b2e-hFwZiVDPTs2hnPLuQBh0Lx31Q9xGNPG8+2fH-g@mail.gmail.com>
References: <52A3C8A5.7010606@gmail.com>
<1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net>
<52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org>
<CANAnSg2OrmQAcZ+cZdtQeADicH3U29QOgYPfP1AQhOMP6+P1wg@mail.gmail.com>
<CAAS2fgR0khyJxmz9c2Oc87hOFgiNuiPJuaeugGajdo_EcKEW9w@mail.gmail.com>
<CANAnSg2tep2VURmudfNModuJAryw8hfOj8Z8idVbt37keiZ8Lg@mail.gmail.com>
<CAAS2fgT=0m=0-C+MNotUy6nqwcR-Y+YTNYrS8DZptMo5vCMRnA@mail.gmail.com>
<CANAnSg28awKbAGQS7-kNmenbU00XVB1gpN4c0A3dhGxaH4sxWw@mail.gmail.com>
<CAAS2fgQ=b2e-hFwZiVDPTs2hnPLuQBh0Lx31Q9xGNPG8+2fH-g@mail.gmail.com>
Message-ID: <261ae2bf5c67d44d090709be57a9e1ad@webmail.mckay.com>
X-Sender: robert@mckay.com
User-Agent: Roundcube Webmail/0.5.3
X-Spam-Score: -1.7 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: mckay.com]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1VpnLJ-000645-N3
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development]
=?utf-8?q?Dedicated_server_for_bitcoin=2Eor?=
=?utf-8?q?g=2C_your_thoughts=3F?=
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 08 Dec 2013 23:00:58 -0000
On Sun, 8 Dec 2013 13:14:44 -0800, Gregory Maxwell wrote:
> On Sun, Dec 8, 2013 at 1:07 PM, Drak <drak@zikula.org> wrote:
>> Simple verification relies on being able to answer the email sent to
>> the
>> person in the whois records, or standard admin/webmaster@ addresses
>> to prove
>> ownership of the domain
>
> Godaddy and many other CA's are verified from nothing other than a
> http fetch, no email involved.
It's just as easy to steal emails via a BGP or DNS redirect anyway..
you could even take over the actual domain at the registry level by
stealing a password reset via BGP or DNS redirect and actually many
registries will hand over control of a domain by faxing them a forged
driving license in the owner's name anyway so it doesn't even really
need to be a particularly sophisticated attacker. Once you have registry
control of the domain it's easy enough to get an SSL cert too, probably
even an 'extended validation' one.
When Afghanistan was taken over the entire .af TLD was probably
transferred using a forged fax to ICANN
(http://web.archive.org/web/20041017031020/http://www.iana.org/cctld/af/razeeq-letter-13aug02.pdf)
but I guess that's a little different :p
Rob
|
