Topic: Mumble alert - Author of DNSChain etc. Starting up here within a few minutes !!!


Offline gamey


I am not sure when he is going to be on.  We are shooting for next Friday the 24th of October but that may change.  So if you want to show up in person, next Friday's mumble session will likely be the day, but subject to change.  Actually this will be held at 2pm eastern.  Or one hour before the previous time.  There will be no regular hangout at 3pm eastern with Dan, as that will be in the morning at 9am eastern.

https://twitter.com/taoeffect

Greg Slepak

He is working on
http://okturtles.com/ and
https://github.com/okTurtles/dnschain

DNSChain (formerly DNSNMC) makes it possible to be certain that you're communicating with who you want to communicate with, and connecting to the sites that you want to connect to, without anyone secretly listening in on your conversations in between.

What is it?
  • DNSChain replaces X.509 PKI with the blockchain
  • Simple and secure GPG key distribution
  • Free SSL certificates become possible
  • Prevents DDoS attacks
  • Certificate revocation that actually works
  • DNS-based censorship circumvention
  • MITM-proof authentication via .dns metaTLD
« Last Edit: October 24, 2014, 05:52:59 PM by gamey »
I speak for myself and only myself.

Offline tonyk

Just when I thought I had enough turtles in my life. 

But those must be OK... after all they are OKturtles 


PS
Seriously though, it is great to have new people. Who scored that guy?
« Last Edit: October 11, 2014, 11:48:34 PM by tonyk »
Lack of arbitrage is the problem, isn't it. And this 'should' solves it.

Offline gamey


> Just when I thought I had enough turtles in my life.
>
> But those must be OK... after all they are OKturtles

Lol.  Now I get the turtle reference on okTurtles.

I will say I'm actually quite excited about this.  I just love empowering people to take control of our privacy.  Our mumble server was chosen by fuz to make it difficult to listen in on conversations. 

Some people are skeptical as to what levels the NSA will go to co-opt our communications.   Having the ability to remove centralized certificate authorities is a great step. 
I speak for myself and only myself.

Offline tonyk

Speaking of our favorite hi-tech agency, I ran into this yesterday (8 months late, I know)


http://www.zerohedge.com/news/2014-02-24/conspiracy-theory-true-agents-infiltrate-websites-intending-manipulate-deceive-and-d


The point being, the tech defense is great, the common sense one is better!
Lack of arbitrage is the problem, isn't it. And this 'should' solves it.

Online Shentist

great project

will be listening

Offline xeroc

> Just when I thought I had enough turtles in my life.
>
> But those must be OK... after all they are OKturtles

I dare you to repeat this ... I spit out my morning coffee through the nose :P

Edit: trying to be there
a cooperation with keyid would be .. mind blowing
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline CoinHoarder


Offline bytemaster

Great guy, almost hired him. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline roadscape

Internet 2.0 seems to be arriving much sooner than I expected! Truly a new wave of decentralization.

 +5%
http://cryptofresh.com  |  witness: roadscape

Offline gamey



I believe Greg has also integrated KeyID into the DNS DAC on top of his other accomplishments.  So if you have any questions about that, post them or prepare to ask them if you attend !
I speak for myself and only myself.

Offline cass

Great to have you aboard Taoeffect  +5% and great work so far ...

BTW ... historical moment 2 days ago .. I've bought an espionage license from tao with DNS ... so I would guess it's the very first product bought with DNS
« Last Edit: October 12, 2014, 08:56:20 PM by cass »
█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline gamey


AFAIK Greg is going to be showing up tomorrow.  I told him if he was busy to show up laterish after Dan is more or less done.  Regardless, I'm a bit excited about this.  I should actually prep some questions. :)
I speak for myself and only myself.

Offline arhag

Unfortunately I can't attend tomorrow's hangout, but I have a question for Greg, or really anyone else who can answer it.

I have tried to figure it out, but I still do not understand how DNSChain and/or okTurtles actually prevents man-in-the-middle attacks on the browser (or is that not its purpose?). I get how the okTurtles extension is able to verify the signed responses regarding any data in a blockchain like Namecoin or BitShares DNS, but that doesn't help protect the user from a man-in-the-middle of the web page itself. Once the web page is compromised none of the Javascript running in the same sandbox can be trusted anymore anyway.

So maybe I am not even asking the right question here, but I am trying to figure out how we will be able to securely access .p2p websites using BitShares DNS. The one thing I found that seems to have a plausible mechanism is a Firefox plugin (FreeSpeechMe, a fork of Convergence) that appears to change the way the TLS verification of the browser works (if I understood correctly, it is hard to get good detailed information on how it works). Unfortunately it doesn't appear to work in other browsers like Chrome. So, will BitShares DNS only be targeting the Firefox browser, is there some other mechanism planned to prevent man-in-the-middle attacks, or am I just totally misunderstanding this whole thing? I would appreciate any guidance on this topic from anyone. Thanks.

Offline gamey

> Unfortunately I can't attend tomorrow's hangout, but I have a question for Greg, or really anyone else who can answer it.
>
> I have tried to figure it out, but I still do not understand how DNSChain and/or okTurtles actually prevents man-in-the-middle attacks on the browser (or is that not its purpose?). I get how the okTurtles extension is able to verify the signed responses regarding any data in a blockchain like Namecoin or BitShares DNS, but that doesn't help protect the user from a man-in-the-middle of the web page itself. Once the web page is compromised none of the Javascript running in the same sandbox can be trusted anymore anyway.
>
> So maybe I am not even asking the right question here, but I am trying to figure out how we will be able to securely access .p2p websites using BitShares DNS. The one thing I found that seems to have a plausible mechanism is a Firefox plugin (FreeSpeechMe, a fork of Convergence) that appears to change the way the TLS verification of the browser works (if I understood correctly, it is hard to get good detailed information on how it works). Unfortunately it doesn't appear to work in other browsers like Chrome. So, will BitShares DNS only be targeting the Firefox browser, is there some other mechanism planned to prevent man-in-the-middle attacks, or am I just totally misunderstanding this whole thing? I would appreciate any guidance on this topic from anyone. Thanks.

Let me try to clarify your question.

So there is MITM by having the Cert Authority hacked and listening in the middle by providing a fake certificate.  With a full DNS DAC client this is not possible because the public keys etc are on the blockchain itself.

Then there is when the site itself is hacked.  You are trying to figure out how DNS could prevent issues here ?  I suspect the answer is that when a site is hacked it is no longer MITM.  Someone would always be able to view the transactions at some level before they are encrypted, so DNS DAC does nothing to address this ?

This is basically the limits of my understanding (misunderstanding?)    Where do we diverge ?
I speak for myself and only myself.

Offline arhag

> So there is MITM by having the Cert Authority hacked and listening in the middle by providing a fake certificate.  With a full DNS DAC client this is not possible because the public keys etc are on the blockchain itself.

My question is how does the DNS DAC client securely feed the public key of a .p2p name into the browser AND how is the antiquated CA-based verification algorithm for TLS connections in the browser updated so that it can approve/reject TLS connections based on whether the supplied public key matches the one in the self-signed certificate provided over the TLS connection.

I get how the okTurtles javascript can securely grab the public key information from an outside process (DNSChain) with the .dns method, but what I haven't been able to figure out yet is what context this javascript is running within and whether it can manipulate the browser's TLS verification to protect the user using the browser's native green lock icon mechanism.

With a little more research I found this information related to extensions in Chrome. It seems that the javascript of the content and of the extension are properly sandboxed from one another and only communicate through the DOM, which is good. However, I don't think it matters all that much in the case of a man-in-the-middle attack of the TLS connection which okTurtles could not prevent against (or can it? I really am not sure). In such a case, I believe any plain-text typed by the user in the text boxes prior to okTurtles having the opportunity to encrypt it would be accessible through the DOM by the compromised web page javascript.

Also, regarding the website itself being hacked, although that wasn't originally part of my question, it does bring up another good point. Isn't the point of encrypting the text locally using okTurtles prior to sending it because the user doesn't want to trust the web site operator in addition to worrying about man-in-the-middle attacks? But even if man-in-the-middle attacks were solved, the web site operator could still feed malicious javascript to steal the plain-text before okTurtles can encrypt it, since the text is written in the same sandbox as the page. If the user wants real security, all plain-text would have to be written and viewed in a separate context that cannot be accessed by the web page through the DOM. Again, I don't know the specifics of how all this browser isolation works (and how it differs between the various browser vendors), but it seems to me that it would require a separate window. Maybe some iframe hacks could work as well from a back-end isolation perspective, but then I worry about the web page visually mimicking the okTurtles "secure" textboxes and tricking the user to type their data in a text box that spies on them.
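The check asked about in the post above (accept or reject a TLS connection by comparing the server's self-signed certificate with a key published in a name record) can be sketched as follows. This is an added example, not part of the thread and not code from DNSChain, okTurtles or FreeSpeechMe. The record layout (`tls_sha256`), the name `example.p2p`, and the certificate bytes are constructed assumptions, and `connect_pinned` assumes the host already resolves through a trusted local resolver.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER certificate and a hypothetical name record,
# as a local blockchain client might hand it to the TLS layer.
CONSTRUCTED_CERT_DER = b"constructed stand-in for a DER-encoded certificate"
RECORD = {
    "name": "example.p2p",
    "tls_sha256": [hashlib.sha256(CONSTRUCTED_CERT_DER).hexdigest()],
}


def cert_matches_record(cert_der, record):
    """Return True only if the certificate's SHA-256 is pinned in the record."""
    pins = (record or {}).get("tls_sha256") or []  # no record: fail closed
    seen = hashlib.sha256(cert_der or b"").hexdigest().encode()
    ok = False
    for pin in pins:  # several pins allow key rotation
        normalized = pin.replace(":", "").lower().encode()
        ok |= hmac.compare_digest(seen, normalized)  # constant-time compare
    return bool(cert_der) and ok


def connect_pinned(host, port, record, timeout=5.0):
    """Open a TLS connection that trusts the name record instead of any CA.

    CA and hostname checks are switched off because a self-signed .p2p
    certificate cannot pass them; the pin check replaces them, and on a
    mismatch the socket is closed before any application data is sent.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    # binary_form=True returns the DER certificate even without CA validation
    if not cert_matches_record(tls.getpeercert(binary_form=True), record):
        tls.close()
        raise ssl.SSLError("certificate not pinned in name record for " + host)
    return tls
```

The pin covers the whole certificate, so reissuing a certificate for the same key requires a record update; pinning the public key alone would need an ASN.1 parser, which is left out here.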


 
