There has been much talk about SSL in the Gridcoin community over the last few weeks. I will try to elaborate on the topic and why it is such an important thing for us.
The basics - How it all works
Gridcoin, as many of you know, rewards "miners" for crunching work for one of the whitelisted BOINC projects. BOINC is a platform of its own and Gridcoin has no direct control over how it works. Every day the Gridcoin network collects, records and compares how much work each user in the team has done, and the network reaches consensus on the rewards.
The projects - Account security
All of the BOINC projects require their users to sign up with an e-mail address and a password. The Gridcoin wallet requires you to use the same e-mail address for every project you want to be rewarded for, since the network links that e-mail address to the CPID (Cross-Project ID) that BOINC creates. When you run several projects you usually use an account manager (what most of us call a Project Manager), like BOINCStats' BAM!. It makes sure you sign up to projects with the same CPID and lets you control all your BOINC clients in one place: which projects to run, how much CPU/GPU to use and when to use it. Imagine that login falling into the wrong hands.
The security risk - What MITM is all about.
The risk of a project or account manager not running SSL is that every time your BOINC client talks to it, your credentials travel over the internet in plain text, readable by anyone in the right place with the right tools. Reading them is eavesdropping; when the party in the middle can also change what passes through, it is a "Man in the Middle" (MITM) attack. There are a few different scenarios:
- You are connected to an open Wi-Fi network, which usually has no encryption. Anyone in radio range with the right equipment can read what goes between your machine and the router.
- You are using "free" internet that is publicly available. The provider of this free service can see all the traffic and can gather intel on your usage and habits. They can see what is transmitted.
- You are connected to a network whose system admin monitors it. That admin can see what is transmitted, including your credentials.
- The authorities monitor the traffic. They can see what is transmitted, including your credentials.
You see the picture. Any hop that your traffic is routed through can potentially be monitored, intercepted and manipulated, and you have no way of knowing which ones are. Whoever can read the traffic can usually also alter it, so the project can receive something other than what your computer sent, and your computer something other than what the project sent.
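To make the plaintext problem concrete, here is an added example (not from the original post, and not BOINC's or Gridcoin's code) that parses two constructed HTTP requests of the kind a BOINC client sends and pulls out what an observer on the path sees, then rewrites one of them in flight the way an active attacker would. The URL and parameter names (lookup_account.php, email_addr, passwd_hash) follow BOINC's account RPC as I understand it, but they are assumptions here and the captures are made up; note that a password hash sent in the clear is just as reusable as the password itself.

```python
"""Added example: what an observer on the path gets from a BOINC-style
login sent over plain HTTP, and how an active attacker rewrites it.
The requests are constructed; lookup_account.php / email_addr /
passwd_hash mirror BOINC's account RPC as assumed here, not captured."""
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed captures of two plain-HTTP requests (no TLS, so the bytes
# on the wire are exactly what anyone between client and server reads).
CAPTURED_REQUESTS = [
    b"GET /lookup_account.php?email_addr=alice%40example.org"
    b"&passwd_hash=5f4dcc3b5aa765d61d8327deb882cf99 HTTP/1.1\r\n"
    b"Host: boinc.example-project.org\r\n"
    b"User-Agent: BOINC client\r\n"
    b"\r\n",
    b"POST /login_action.php HTTP/1.1\r\n"
    b"Host: manager.example.org\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 52\r\n"
    b"\r\n"
    b"email_addr=alice%40example.org&passwd=hunter2&stay=1",
]

# Parameters worth stealing: the password or its hash is a reusable
# credential either way, and the e-mail is what Gridcoin ties the CPID to.
CREDENTIAL_KEYS = {"email_addr", "passwd", "passwd_hash", "password", "authenticator"}


def parse_http_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into method, host, path, headers and
    the decoded parameters from both the query string and a form body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("latin-1").split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    params = {k: v[0] for k, v in parse_qs(url.query).items()}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params.update({k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()})
    return {"method": method, "host": headers.get("host"), "path": url.path,
            "headers": headers, "params": params, "body": body}


def credentials(req: dict) -> dict:
    """The passive observer's haul: every credential-like parameter."""
    return {k: v for k, v in req["params"].items() if k in CREDENTIAL_KEYS}


def tamper(raw: bytes, key: str, new_value: str) -> bytes:
    """The active attacker's move: rewrite one form field in flight and fix
    Content-Length so the server accepts the altered request as genuine."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    fields = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
    if key not in fields:
        raise KeyError("field %r not in request body" % key)
    fields[key] = new_value
    new_body = urlencode(fields).encode("latin-1")
    lines = [b"Content-Length: %d" % len(new_body)
             if line.lower().startswith(b"content-length:") else line
             for line in head.split(b"\r\n")]
    return b"\r\n".join(lines) + sep + new_body


if __name__ == "__main__":
    for raw in CAPTURED_REQUESTS:
        req = parse_http_request(raw)
        print(req["method"], req["host"], req["path"], "->", credentials(req))
    altered = tamper(CAPTURED_REQUESTS[1], "passwd", "attacker-chosen")
    print(parse_http_request(altered)["params"])
```

Run it against a real packet capture by replacing CAPTURED_REQUESTS with the TCP payloads from a tool like tcpdump or Wireshark; with HTTPS the same observer would see only the destination address, the server name and the size of the exchange, and the rewrite in tamper would be rejected because it breaks the record authentication.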
The solution - Where SSL comes in
The solution to this problem has been around for a long time and is called SSL (Secure Sockets Layer); its modern form is TLS (Transport Layer Security), the names are used interchangeably, and on a website it shows up as https://. With SSL everything your computer transmits is encrypted before it leaves, so anyone monitoring the traffic sees only where the data is sent (the server's address and usually its host name); the rest is an encrypted stream that is practically impossible to decrypt without the right keys. Just as important, the server presents a certificate that your client checks against trusted certificate authorities, which is what stops someone in the middle from simply pretending to be the project; encryption without that check would not stop a MITM. This is usually not costly: several issuers, Let's Encrypt among them, give out free certificates that encrypt just as well as the ones you pay for. Paid certificates from the bigger issuers mainly add stronger validation that the one receiving the certificate really is who it says it is; they do not give stronger encryption. SSL has become the norm, is cheap and is easy to implement.
Why this is so important to the Gridcoin community
The main reason for Gridcoin to enforce SSL is because we want to secure Your accounts. We are a big player in many projects and if a topic is of great concern to us we raise our voice and expect to be heard.
What you can do
You should first look in the project forums to see whether the projects you are interested in risk being delisted because of SSL certificate issues. A quick test of your own: open the project URL with https:// instead of http:// in your browser; if the page loads without a certificate warning the project already supports it, and the remaining question is whether its clients are actually told to use it. Raise your voice and contact the project admins about your concern over MITM attacks and your own security. If a project does not implement SSL, or refuses the request, it risks getting voted out of the whitelist. The goal is not to vote projects out and leave them; we embrace every project that is good and gives value to the community, but we value your security more than anything.
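The check above, scripted, as an added example that is not part of the original post: it performs the certificate and host-name verification described in the SSL section (the same checks a browser does) against a project's HTTPS port, summarises the certificate, and tests whether plain http:// is redirected to https://. The host names and the certificate used in the self-test are constructed; only Python's standard library is used.

```python
"""Added example: does a BOINC project or account manager offer properly
verified HTTPS, and does plain HTTP redirect to it? Host names here are
constructed; the script makes real connections when run on a real host."""
import http.client
import socket
import ssl
import time


def fetch_cert(host, port=443, timeout=5):
    """Open a TLS connection with full chain and host-name verification,
    exactly as a browser would. Returns (ok, details)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, {"protocol": tls.version(),
                              "cipher": tls.cipher()[0],
                              "cert": tls.getpeercert()}
    except ssl.SSLCertVerificationError as exc:
        # self-signed, expired, wrong host name, untrusted CA ...
        return False, {"error": "certificate rejected: %s" % exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # no TLS on this port, connection refused, time-out ...
        return False, {"error": str(exc)}


def rdn_value(name_seq, key):
    """Pull one attribute (e.g. commonName) out of getpeercert()'s nested tuples."""
    for rdn in name_seq:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def covers_host(host, name):
    """Does a certificate name (possibly a *.example.org wildcard) match host?
    A wildcard only covers one label, so *.example.org does not cover a.b.example.org."""
    host, name = host.lower(), name.lower()
    if not name.startswith("*."):
        return host == name
    h, n = host.split("."), name.split(".")
    return len(h) == len(n) and h[1:] == n[1:]


def summarize_cert(host, cert, now_ts=None):
    """Reduce a getpeercert() dict to what a project admin needs to look at.
    now_ts is seconds since the epoch (defaults to the current time)."""
    now_ts = time.time() if now_ts is None else now_ts
    not_after_ts = ssl.cert_time_to_seconds(cert["notAfter"])
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {
        "subject": rdn_value(cert["subject"], "commonName"),
        "issuer": rdn_value(cert["issuer"], "organizationName"),
        "names": sans,
        "host_matches": any(covers_host(host, n) for n in sans),
        "days_left": int((not_after_ts - now_ts) // 86400),
    }


def http_redirects_to_https(host, timeout=5):
    """Does http://host/ send clients on to https://? If not, a BOINC client
    configured with the http:// project URL keeps talking in plain text."""
    try:
        conn = http.client.HTTPConnection(host, 80, timeout=timeout)
        conn.request("HEAD", "/", headers={"Host": host})
        resp = conn.getresponse()
        location = resp.getheader("Location", "") or ""
        return resp.status in (301, 302, 307, 308) and location.lower().startswith("https://")
    except (OSError, http.client.HTTPException):
        return False


def check_project(host):
    """One report per host: TLS ok?, certificate summary, HTTP redirect?"""
    ok, details = fetch_cert(host)
    report = {"host": host, "tls": ok, "http_redirects": http_redirects_to_https(host)}
    if ok:
        report.update(summarize_cert(host, details["cert"]))
        report["protocol"] = details["protocol"]
    else:
        report["error"] = details["error"]
    return report


if __name__ == "__main__":
    import json
    import sys
    for host in sys.argv[1:] or ["boinc.example-project.org"]:
        print(json.dumps(check_project(host), indent=2))
```

A project whose report shows tls false with "certificate rejected" has a certificate browsers and clients will not trust (self-signed, expired or issued for another name); one with tls true but http_redirects false has SSL available but is still letting clients that were given the http:// URL send their credentials in the clear. Both are worth raising with the admins.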
Thanks for your contribution to the community, the world and science.