SSL certificate for nxtcrypto.org

Issue #20 resolved
marcus03 created an issue

Request by opticalcarrier:

I would like to set up my network of public VPSs on SSL security to act as processors for lite clients that only sign transactions and submit them to public VPSs. A wildcard cert for nxtcrypto.org domain to cover unlimited hosts is 468 euro.

I am already covering all other aspects of finance and operations for the network of VPSs that I run. These have been funded by neer.g and by 1 other donor, I think it was pouncer but not sure. In any event, these 12 VPSs are funded till almost end of year and I'm not requesting funding for them at this point. I also run an additional 13 VPSs that are paid for by other members where I simply manage them for the users.

You may have seen development talk regarding lite clients and local signing of transactions so as to be able to run a client that does not maintain a blockchain - these clients simply query public VPSs for account status and they also sign transactions and feed the transactions to the public VPSs to be broadcast to the network and forged into a block by whoever the next forger is.

My proposal is to use HTTPS/SSL encryption on the VPSs to provide a measure of authentication between the users and the VPS used when local signing is implemented (very soon now). This will provide a layer of authentication security from the VPS to the user.

Note that this HTTPS/SSL is not actually required. But IMO it is worth pursuing, and not just for me, but for other VPS operators that can provide a very high level of uptime of their servers for the purpose of serving these lite clients. Another benefit of real live SSL is that it will just "look good" for NXT to be able to brag that there is a network of SSL hosts out there serving the lite clients.

So like I said - not required as these lite clients could just use wellKnownPeers and send signed transactions to them, but IMO the better way to provide reliable service to lite clients is to have the lite client software devs use, instead of random wellKnownPeers, a list of very well maintained, high-available nodes, like the nxtcrypto.org ones, along with other VPS operators who demonstrate competence, and for the added layer of security, use HTTPS/SSL on all of them as more solid proof that the folks running the NXT network know what they are doing.

However, I agree with BCNext on creating a system that is capable of operating without trust. So if you cannot find multiple VPS networks to be preferred by lite clients to serve these lite clients, and mine is the only one, then that scenario would not be able to operate w/o trust and I (and everyone else) would prefer that my VPS network simply not be preferred by the lite clients at all, and in that case, IMO there would be no need for SSL.

Comments (32)

  1. marcus03 reporter

    Parts of my feedback from https://bitcointalk.org/index.php?topic=506757.msg5660060#msg5660060

    Regarding point 2, I don't think it is worthwhile to have SSL enabled on NRS nodes at all and I think this is the reason why Jean-Luc dropped the default SSL configuration with one of the last releases.

    Technically, there is nothing that needs to be protected. The transaction data that is sent from clients to nodes is the same data that is exchanged between nodes, which themselves do not use SSL. Or in other words, the beauty of the implementation lies in the fact that no trust is needed. It can't get any better. Putting SSL on top of it, for me just hides the beauty.

    For the matter of perceived security ("aesthetics of NXT's presentation of the lite client architecture"), so basically doing SSL while it has no benefit from a security point of view, but having another buzzword for marketing, I think this might backfire on us. There might come up a discussion about nodes not using SSL and that there are safe SSL and unsafe non-SSL nodes and it will be hard to then explain that SSL was never needed in the first place.

  2. ferment

    Paying for a CA signed certificate just adds to the security theater. Privacy can be handled through a self-signed cert (free).

    If lite clients want this for marketing purposes, shouldn't they pay for it as a part of their business plan?

    In the existing bitcoin ecosystem, lite clients are tied to specific, trusted servers designed to serve them efficiently. That model seems superior to asking a newbie to pick 1 of 100 public servers to attach their lite client to.

  3. ChuckOne

    I tend to agree. The NRS source code is available at bitbucket, secured by SSL.

    Everything else is a marketing issue of node/client providers.

  4. Former user Account Deleted

    Hey guys, we absolutely need SSL (not self signed) for nxtcrypto.org

    My web client can no longer connect (via ajax) to nxtcrypto nodes because the SSL is self signed, which browsers don't trust by default. I hope you guys change your mind on this decision.

  5. marcus03 reporter

    @wesleyh: This is not about the price. We have enough funds. It was declined, because InfCom thinks it makes no sense.

    If there is a new rationale why communication between clients and NRS nodes should be SSL encrypted, please let us know.

  6. Former user Account Deleted

    Read my previous message, ajax requests fail with self signed certs, so a real cert is required.

  7. EvilDave

    Looks like we need to go over this again, if wesley's client really needs SSL. Getting some pressure on the main BTT thread on this. I'll be around in about 6 hours time again...

  8. marcus03 reporter

    There is no pressure. It's just that opticalcarrier asks again and again, but fails to follow-up on our comments and questions. I'll post again in the monster thread.

  9. EvilDave

    We need to get OC and wesley to actually make their reasoning clear on all of the above. I'll check the firehose in a bit, see if M got any response.

  10. Former user Account Deleted

    I don't think I need SSL, it's just that if a domain uses SSL (like nxtcrypto now), it cannot be self signed, because requests will fail if so. Not sure what jean-luc's position is on this and if SSL is required yes or no.

  11. marcus03 reporter

    I am now pro the SSL certificate for the wiki and the forum, since it makes much sense to protect the username/passwords of the users with it.

    I am backing out of this issue now and ask my InfCom colleagues to decide on the further proceeding (anonymous SSL certificate or not) without me. Thanks!

  12. EvilDave

    OK: I've had enough of this discussion, tbh, and I feel that we may be overstepping our mission as InfCom: we are here to finance the NXTwork, not to make definitive decisions on all technical issues.

    Leaving aside the forum/wiki issue, where I think SSL is a good(ish) idea: It may be that SSL turns out to be not all that important/useful for the NXTwork, or it may be essential. There is a certain amount of difference of opinion here......Wesley's client seems to have a definite need for HTTPS, imho, in its current state.

    To cut thru all of this: let's authorise purchase of proper (not self-signed) SSL certs to cover nxtcrypto.org.

    They can be implemented immediately on the forums/wiki and then the wider NXT community can have a further discussion/brainstorm to see how we should handle Wesley's client and SSL.

    Let's look at this decision as buying a tool that might be useful, not making the decision to implement SSL or not.

    Anyone with me: let's have a 'Hell, yeah!'

    (Optical, Wesley, u guys have a definitive price ? I remember seeing $68 somewhere, which is peanuts.)

  13. ChuckOne

    Of course browsers do not accept self-signed certificates. Forgot about that.

    We need that extra stability from nxtcrypto.org especially when the new client gets into production. I vote for authorizing the purchase of a signed cert by a well-known CA.

    Prices discussed here are okay for me.

  14. marcus03 reporter

    Two points:

    • wesleyh's client does not have a "definite need" for SSL. It's just that if it runs against an SSL node, the SSL certificate can not be self-signed.
    • The price of $68 is in fact peanuts, but you need to decide if InfCom should fund for $400 to $500 for an SSL certificate which can be bought anonymously,

  15. Ian Ravenscroft

    Consensus is we should have a cert which community recognised sites can be signed with - this means we can also highlight the green-cert identifier that appears in the browser - like 'Atlassian Inc' appears in the https link for bitbucket - so the cert identifier should not be too forum specific and usable by any community recognised e.g. kosher website

  16. EvilDave

    On anonymous purchase: I'm willing to use my real world ID for it, if it'll bring the price down substantially.

  17. EvilDave

    Maybe I should have been more specific on self signed: wesley's client will reject them if present, but SSL is not essential.

    On the cost : OC + wes have received some donations, we should be able to cover 50%.

    I

  18. EvilDave

    Apologies for the above wobbly phone posting. Ferment: vote on this, please, mate. Let's put it to bed. I'm going to PM OC and Wes, get them in here to finalise this.

  19. EvilDave

    Sorry it's taken me so long to get back on this.....

    Point one: it's not begging (or shouldn't be). If u need the funds, just ask and then we'll discuss it and get back to you, probably with funds.

    Point two: The SSL cert story has dragged on a bit, because there were a few different opinions on the subject, but in the end InfCom had decided to help finance a NXTwork-wide SSL cert (and maybe some help with setup costs for nxtforum.org). Patience is a virtue, committees are slow, that's just how it is.....

    So now we are kinda back to square one here.....what will the price be on a NXTwork-wide cert, not just for nxtcrypto ? Using my credentials, natch. Maybe expanding on the cert from nxtforum.org.

    And you have about 2000 donated NXT left to throw in the SSL pot?

    Get us a number on the NXTwork-wide cert, then we can decide to go large or not...

  20. forked chain

    Well, apparently the bitbucket reply to email function doesn't work too well. I wondered why I hadn't heard anything back from you guys, and came here to find that my reply never got posted. Here's what I sent:

    Oh, ok got it, sorry I had gotten the idea that first you wanted us to go around asking for donations first before coming to you guys for a project. So anyhow, moving forward from sq1 again...

    Unless all devices are on the same domain, it's not really possible to have a 'NXTwork-wide' cert. So in order to do what you describe, all devices would have to migrate under nxtcrypto.org or whatever. But, you have to ask, is this really a good idea, to be so centralized? My original proposal had VPS groups remain decentralized in more of a federated model to prevent 1 party from having so much control over the public VPSs that we intend to service the lite clients. So the price for each domain you wanted to support would be $199 per cert.

    Remember, I returned that 2000NXT donation, and just forwarded the 5000NXT one from donor buybitcoinscanada to farl4bit for his work.

    So it may be that the infrastructure committee, if you are going to renew the 100 nodes that nexern runs (I think it was him, not 100% sure) out of unclaimed coins, may want to just consolidate everything under 1 domain if you also intend to renew the 25 nodes I run in a few months when they expire as well and we'd just have 1 cohesive network then. (but like I said, to do this would be a move towards centralization)

    But the basic figure is $199 per domain; but I would really tend to want to keep things split up, lest other coins accuse us of centralization.

  21. EvilDave

    In theory, I would like people to explore other methods of funding before knocking on InfCom's door, but we've been dancing around on this issue for so damn long that I simply want to get it sorted now. And u did use 5kNXT in donations on funding for SSL and hosting on nxtforum.org, which otherwise may have needed something from our funds.

    So, what goes around....

    All in favour of funding OC for a nxtcrypto SSL cert (purchased on my credentials) at a cost of $199 (converted 2 NXT at the day's rate) say aye...

  22. EvilDave

    Wrapping up the SSL saga finally: Myself and forkedchain worked out the fine details of the SSL application, a wildcard cert from RapidSSL for one year on the entire *.nxtcrypto.org domain is now on its way to fc.

    I ended up agreeing to pay for it as well as putting it in my name, otherwise the application and purchase process would have been much more complicated. This makes me now the official ICT manager for nxtcrypto, lucky me.

    I will soon receive a bill for € 115 as I used a Dutch provider that was both cheaper and simpler/better for me as regards billing and support. But I would like to get my money back.....could one (or more) of u guys act as a verification agent(s) for my billing ? Don't want me sneaking in extra zeroes when I request klee to release the SSL funding to me.

  23. EvilDave

    Ian: I'll just send u a copy of my billing for the SSL cert, then I'll request klee to pay me out and he can verify the amount with u if he feels the need. Just in the cause of transparency. PM me an e-mail add. and I'll send the bill on.
