HTTPS certificate for maidsafe.net


#1

I’ve been wondering this a while, when will maidsafe.net get its own HTTPS certificate? I think the site is currently hosted on GitHub, but you can really easily move it to a DigitalOcean droplet for $5/month if you need to. And the cost really shouldn’t be an issue, especially with Let’s Encrypt coming out in the next few months.

Everyone should really be using HTTPS, especially if you’re going to be distributing installers from your site. I don’t know if everyone is like this, but whenever I see that a service isn’t using HTTPS, they instantly lose credibility in my mind. Even the forum has a certificate!

If you wanted to host it on a separate server, all you would need to do is use a cron script that runs every 30 minutes:

git pull git@github.com:maidsafe/maidsafe.github.io

#2

We get asked this a lot, it will never hold any info or data and won’t ask for passwords etc. So we have no requirement so far for ssl or tls, plus I really don’t trust CAs :wink:


#3

True, but what about distributing the installers? Man in the middle attacks are a potentially big problem for something like Maidsafe. You may not need ssl or tls, but that doesn’t mean you shouldn’t use it anyway.

Here are the two main reasons why I think you should be using HTTPS (thanks to the medium):

Protect Your Users’ Privacy

First and foremost, HTTPS protects your users. Posting a news update on a user forum may cost a dissident his life in an oppressive regime; a strict workplace may terminate employment based on an employee’s browsing activity; and of course, the Snowden affairs have clearly shown governments simply can’t get enough of this data. Using HTTPS makes it dramatically harder for these players to know what users are doing, and helps you maintain your most important responsibility — your users’ trust.

Browsers to mark HTTP as Insecure

Today, browsers mark HTTPS by painting the URL green or adding a lock only if the site is properly encrypted. These markers actually convey a false sense of security, stating HTTPS websites are secure when they may be woefully insecure once you reach the server. What is accurate is that unencrypted HTTP connections are insecure.

Browsers are now poised to update their indicators accordingly. Both Google & Firefox have stated they’ll mark HTTP sites first as dubious and then as insecure, possibly as early as this year. If you remain on HTTP, your users may be explicitly told you are insecure, reducing their trust in you.

Note: The effectiveness of passive markers, positive or negative, is minimal, and browsers may evolve those warnings to actual click through warnings.


#4

They will be from https: then safe: :slight_smile:

I agree with your statements though, if anyone was uploading any data to us we would certainly be https. We should perhaps look again, but it’s such a small aspect of what we are doing just now … oh well yes we should look I suppose. I will raise an internal ticket perhaps, but hope we don’t kill off http based browsers or the likes. I will try and let others think about it as I am way past flat oot today :wink: hope you don’t mind, I do appreciate the comments and data though. I hope you trust a CA, I know yer browser will though :smiley:

Yip we will progress something at some stage, I see it as a nice to have, maybe.


#5

I don’t really trust CAs that much either, but that’s not what I’m worried about. I’m more concerned about the lack of encryption during the communication between the browser and server. :wink:


#6

Agree, but also broken encryption is sometimes worse than none. Just wary of false security and providing more than we need when we cannot be sure it’s real security (look at ssl 1 2 and now 3). It’s gonna please the masses though and that’s possibly a motivator and it’s less for folk to talk about as well I suppose. Even with it though we will never collect data or allow uploads there, it’s way too dangerous. Even if we think it’s safe, this is where I have an issue, with http you know it’s not safe, but https you think it is and do daft stuff. We will be rid of it all soon enough though.


#7

I’m pretty sure the installers will have a sha256sum next to them, so a man in the middle shouldn’t be an issue for that, right?


#8

Yes as long as the hash has not been replaced as well :wink: I looked into a lot of this all the way to reproducible builds a while back and it’s a nightmare. Even reproducible builds have issues, but amazingly an exploited download can also taint your hash prog to display the correct hash for the wrong data. Our binaries will be signed (which is one better than hash IMHO) which will help. So a way for us right now is signed binaries and hope folk have our correct public key.

This is part of SAFE that would be great to improve upon, but we can be as good as the current best I feel, then all work together to get better. On SAFE itself though you will retrieve a hash so may be a lot more opportunity for improvement soon.


#9

Will the Firefox plugin require any additional software to allow downloads like this? It would be awesome to just download Firefox, install plugin, then download safe net files immediately!


#10

It could actually, must discuss further, quite a statement actually, nice one.


#11

Sounds like a plausible exploitation between firefox, and safenet. Hint, javascripts.


#12

To download the installer, use Tor to verify that the sha###sum is the same as the one from your local browser. If so, you are safe. I don’t imagine you can be the victim of a man-in-the-middle attack on both sides with the same sum.


#13

Depends on how the MITM attack is conducted. Your approach will protect against, say, someone on a public wifi connection performing an ARP spoofing attack, but might not work against DNS cache poisoning, and definitely wouldn’t work if the MITM was attacking maidsafe.net’s connection, and not yours.


#14

#15

That answer is in line with my existing assumptions about how DNS on TOR works. It won’t do anything against DNS cache poisoning so long as both of the DNS servers being queried are affected by the attack.


#16

I understand.

That answer is in line with my existing assumptions about how DNS on TOR works. It won’t do anything against DNS cache poisoning so long as both of the DNS servers being queried are affected by the attack.

There will always be some risk at some point. Personally, I’m not going to be crazy enough to look up the sha with Tor. But that reduces the risk for the security maniac guy. I get your point.


#17

Lol, let’s let the team focus on making the new internet, so none of this internet security stuff will even matter anymore.

Let’s not distract them with worrying about MaidSafe.net… The SAFE network is of much greater importance :slight_smile:


#18

Sorry for reviving a dead topic, but it seems like this is still an issue now that the SAFE Launcher is being distributed from maidsafe.net.

The download itself is served over HTTPS from GitHub, but the link is served over HTTP so it could be modified.

The proxy .pac file is also served insecurely and could be modified maliciously.
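
The situation described in post #18, as an added example that is not part of the original thread: a small Python check that flags download and .pac links whose target, or whose referring page, is not served over HTTPS. The sample page, host names, file names and the extension list are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed list of file types worth auditing (installers, archives, proxy configs).
DOWNLOAD_EXT = (".exe", ".msi", ".dmg", ".deb", ".rpm", ".zip", ".tar.gz", ".pac")

HTTP_FETCH = "fetched over plain HTTP: content can be modified in transit"
HTTP_PAGE = "HTTPS target, but the link sits on an HTTP page and can be rewritten"
OK = "ok"

class LinkCollector(HTMLParser):
    """Collect every href/src value found in a page."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.targets.append(value)

def audit_page(page_url, html):
    """Return (absolute_url, finding) pairs for download and .pac links."""
    page_is_https = urlsplit(page_url).scheme == "https"
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for target in collector.targets:
        url = urljoin(page_url, target)  # relative links inherit the page's scheme
        parts = urlsplit(url)
        if not parts.path.lower().endswith(DOWNLOAD_EXT):
            continue
        if parts.scheme != "https":
            findings.append((url, HTTP_FETCH))
        elif not page_is_https:
            findings.append((url, HTTP_PAGE))
        else:
            findings.append((url, OK))
    return findings

# Constructed sample page: an HTTPS-hosted download linked from the site,
# a site-relative .pac file, and an ordinary page link that is ignored.
SAMPLE_HTML = """
<a href="https://github.com/example/releases/download/v0/launcher.zip">Launcher</a>
<a href="/proxy/example.pac">Proxy config</a>
<a href="/about.html">About</a>
"""

if __name__ == "__main__":
    for url, finding in audit_page("http://www.example.org/downloads", SAMPLE_HTML):
        print(f"{finding}: {url}")
```

Running the same audit with an `https://` page URL reports both links as ok, because the relative .pac link then resolves to HTTPS as well.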


#19

@frabrunelle and @Krishna_Kumar only today enabled ssl on maidsafe.net so this is gonna change imminently. Now we have downloads we had to.


#20

Great! Will this cover the .pac file as well? If not, I think the instructions should note that a file:// URL can be used to configure the proxy locally as well.