Author Topic: Here is my rant about namecoin  (Read 3026 times)

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
  • BitShares: arhag
  • GitHub: arhag
It would be nice if one day browsers and all other internet clients would use a standardized interface to ask the OS for the IP address and public key tuple for that domain name as determined by the DNS blockchain software installed on the computer (I'm hoping it's BitShares DNS : ) ). Then the internet client would validate the TLS connection directly using the given public key.

It's fairly standardized, I think this is actually the easiest way.

It is? A standard that browser makers all use today (without needing extensions and plugins) that we can plug BitShares DNS right into? What exactly is that and how does it work?


Offline toast

  • Moderator
  • Hero Member
  • *****
  • Posts: 4001
  • BitShares: nikolai
It would be nice if one day browsers and all other internet clients would use a standardized interface to ask the OS for the IP address and public key tuple for that domain name as determined by the DNS blockchain software installed on the computer (I'm hoping it's BitShares DNS : ) ). Then the internet client would validate the TLS connection directly using the given public key.

It's fairly standardized, I think this is actually the easiest way. Onramp is via KeyID for secure signin / email to at least get enough users for the first .p2p sites to pop up because the userbase is worth something.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
  • BitShares: arhag
  • GitHub: arhag
It would be nice if one day browsers and all other internet clients would use a standardized interface to ask the OS for the IP address and public key tuple for that domain name as determined by the DNS blockchain software installed on the computer (I'm hoping it's BitShares DNS : ) ). Then the internet client would validate the TLS connection directly using the given public key.

Until that magical day, backwards compatibility hacks are needed to easily get adoption in the beginning. It would be really powerful if I could use my browser (with no extensions or plugins), have traditional HTTPS sites work, and have blockchain registered domains also securely work (with no risk of man-in-the-middle attacks). I've briefly described how I would like to see this done. Just have a local HTTP proxy daemon running on the computer which man-in-the-middle attacks SSL connections and rewrites the SSL certificate and signs it with its own local trusted CA key. If the domain is a legacy domain signed by a third-party CA in a list of trusted legacy CAs, then the proxy will re-sign the certificate with its own key. If the domain is a BitShares DNS domain that validates according to the blockchain, then the proxy will sign the certificate with its own key. Otherwise, break the certificate so the browser complains. Then the browser is set up to only have one trusted CA key (the one of the local proxy) and is configured to use the HTTP proxy.

The real trouble is how this could work on mobile devices. You would need to be able to run a daemon proxy accepting the mobile browser's HTTP(S) connections. This might work on Android, not sure about iOS. Maybe a custom browser app is the other way to go on mobile?
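
The sign / re-sign / break decision described in the post above, sketched as an added example that is not part of the original thread or of any BitShares code. It assumes the blockchain record stores a SHA-256 fingerprint of the server's public key, that legacy chain validation is done elsewhere and passed in as a boolean, and that .p2p names never fall back to legacy CAs; all names and records are hypothetical.

```python
import hashlib
import hmac

BLOCKCHAIN_TLD = ".p2p"  # TLD named in the thread; assumed blockchain-only here

# Constructed stand-in for what a local blockchain DNS client would return:
# name -> hex SHA-256 of the server's public key (hypothetical record format).
CHAIN_RECORDS = {
    "shop.p2p": hashlib.sha256(b"constructed-shop-public-key").hexdigest(),
}


def key_fingerprint(public_key_der: bytes) -> str:
    """Fingerprint of the public key the upstream server presented."""
    return hashlib.sha256(public_key_der).hexdigest()


def decide(host, public_key_der, legacy_chain_ok, records=CHAIN_RECORDS):
    """Return what the local proxy does with the upstream certificate.

    'sign'    - blockchain name whose presented key matches the chain record
    're-sign' - legacy name whose chain validated against the trusted CA list
    'break'   - anything else, so the browser shows a certificate error
    """
    host = host.lower().rstrip(".")  # normalise case and a trailing root dot
    if host.endswith(BLOCKCHAIN_TLD):
        expected = records.get(host)
        if expected is None:
            return "break"  # unregistered name: nothing to validate against
        # Assumption: a legacy CA signature is ignored for blockchain names,
        # otherwise any trusted CA could override the key in the chain record.
        presented = key_fingerprint(public_key_der)
        return "sign" if hmac.compare_digest(expected, presented) else "break"
    return "re-sign" if legacy_chain_ok else "break"


if __name__ == "__main__":
    good_key = b"constructed-shop-public-key"
    print(decide("shop.p2p", good_key, legacy_chain_ok=False))
    print(decide("shop.p2p", b"some-other-key", legacy_chain_ok=True))
    print(decide("example.com", b"any-key", legacy_chain_ok=True))
```

The second call is the case that matters: a .p2p name presenting a key that differs from the chain record is broken even when a legacy CA chain validates.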

Offline mdw

  • Jr. Member
  • **
  • Posts: 28
First goal is just to get the domain system fully functional.

Then tackle the issue of getting names to resolve in a secure way for the average Joe. It's tricky. Browser plugins + DNSChain sounds like a workable way in the near term to solve the problem for browsing the .p2p web securely, but other Internet traffic is still challenging.

If secure DNS was simple it would've been done before and the opportunity would not exist.
"A good friend will always stab you in the front." - Oscar Wilde

Offline cryptosile

  • Full Member
  • ***
  • Posts: 56
I really want the namecoin concept to succeed.  Maybe that will happen through the bitsharesDNS project.  I'm hoping that maybe bitshares can explode onto the scene with these issues resolved:

Namecoin Rant:
https://www.everydaycrypto.com/?p=71