Namecoin Forum

The first secure, decentralized, human-meaningful naming system.
https://forum.namecoin.org/

Method of communication for meetings

https://forum.namecoin.org/viewtopic.php?f=5&t=2349

Page 2 of 2

Re: Method of communication for meetings

Posted: Thu Jul 30, 2015 7:28 am
by biolizard89
phelix wrote:
biolizard89 wrote:
phelix wrote:What about http://www.darkscience.net/ ?

It is somewhat scary that it is so difficult to find a good communication channel.
Their website isn't using a trusted TLS cert, so there's no way to know if the IRC server info on that website is authentic.
SSL
Our server’s only accept SSL connections, you MUST enable SSL to connect. Our server’s certificates are signed by CAcert. You can find the root certificate at CAcert, these certificates are usually included with a ca-certificates package

Tor
You can connect to Dark Science using our tor hidden service with the address darksci3bfoka7tw.onion . Alternatively the DNS record tor.irc.darkscience.net will resolve to a tor hidden service.
The IRC daemon might have trusted TLS (I haven't checked), but their website definitely doesn't. So any addresses listed on that website are not trustworthy.

Re: Method of communication for meetings

Posted: Thu Jul 30, 2015 8:00 am
by domob
My personal opinion is that CAcert is "good", even though it is not trusted by most browsers by default. For someone who cares about security, it should be relatively easy to import the CAcert root (I've done so) and be sure they got the correct one. Debian shipped the cert trusted by default for some time, but stopped doing so lately. The certificate can still be installed from their package repository, I think.

Re: Method of communication for meetings

Posted: Thu Jul 30, 2015 8:56 am
by biolizard89
domob wrote:My personal opinion is that CAcert is "good", even though it is not trusted by most browsers by default. For someone who cares about security, it should be relatively easy to import the CAcert root (I've done so) and be sure they got the correct one. Debian shipped the cert trusted by default for some time, but stopped doing so lately. The certificate can still be installed from their package repository, I think.
The website in question has a TLS certificate that doesn't even have the website's domain name in its CN/SAN. The CA it uses is of secondary concern.

Re: Method of communication for meetings

Posted: Thu Jul 30, 2015 3:37 pm
by phelix
Why is it important to know who operates the IRC server? All communication is public anyway.

Re: Method of communication for meetings

Posted: Thu Jul 30, 2015 3:40 pm
by biolizard89
phelix wrote:Why is it important to know who operates the IRC server? All communication is public anyway.
Among probably other things, an impostor IRC server could impersonate users.

Re: Method of communication for meetings

Posted: Thu Jul 30, 2015 6:32 pm
by phelix
biolizard89 wrote:
phelix wrote:Why is it important to know who operates the IRC server? All communication is public anyway.
Among probably other things, an impostor IRC server could impersonate users.
lol, I had expected identification would be between users.
All times are UTC
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited