BitShares Forum

Other => Graveyard => KeyID => Topic started by: cryptosile on September 09, 2014, 05:14:36 am

Title: Here is my rant about namecoin
Post by: cryptosile on September 09, 2014, 05:14:36 am
I really want the namecoin concept to succeed.  Maybe that will happen through the bitsharesDNS project.  I'm hoping that maybe bitshares can explode onto the scene with these issues resolved:

Namecoin Rant:
https://www.everydaycrypto.com/?p=71
Title: Re: Here is my rant about namecoin
Post by: mdw on September 09, 2014, 11:08:03 am
First goal is just to get the domain system fully functional.

Then tackle the issue of getting names to resolve in a secure way for the average Joe. It's tricky. Browser plugins + DNSChain sounds like a workable way in the near term to solve the problem for browsing the .p2p web securely, but other Internet traffic is still challenging.

If secure DNS was simple it would've been done before and the opportunity would not exist.
Title: Re: Here is my rant about namecoin
Post by: arhag on September 09, 2014, 11:53:12 am
It would be nice if one day browsers and all other internet clients would use a standardized interface to ask the OS for the IP address and public key tuple for that domain name as determined by the DNS blockchain software installed on the computer (I'm hoping it's BitShares DNS : ) ). Then the internet client would validate the TLS connection directly using the given public key.

Until that magical day, backwards compatibility hacks are needed to easily get adoption in the beginning. It would be really powerful if I could use my browser (with no extensions or plugins), have traditional HTTPS sites work, and have blockchain registered domains also securely work (with no risk of man-in-the-middle attacks). I've briefly described (https://bitsharestalk.org/index.php?topic=6801.msg94123#msg94123) how I would like to see this done. Just have a local HTTP proxy daemon running on the computer which man-in-the-middle attacks SSL connections and rewrites the SSL certificate and signs it with its own local trusted CA key. If the domain is a legacy domain signed by a third-party CA in a list of trusted legacy CAs, then the proxy will re-sign the certificate with its own key. If the domain is a BitShares DNS domain that validates according to the blockchain, then the proxy will sign the certificate with its own key. Otherwise, break the certificate so the browser complains. Then the browser is set up to only have one trusted CA key (the one of the local proxy) and is configured to use the HTTP proxy.

The real trouble is how this could work on mobile devices. You would need to be able to run a daemon proxy accepting the mobile browser's HTTP(S) connections. This might work on Android, not sure about iOS. Maybe a custom browser app is the other way to go on mobile?
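
The proxy decision rule described in the post above, sketched as an added example (not code from this thread or from BitShares DNS). The `.p2p` suffix test, the SHA-256 key-pin comparison and the `chain_records` lookup table are assumptions standing in for a real blockchain DNS client, and legacy chain validation is passed in as a result from the TLS library.

```python
import hashlib
import hmac
from enum import Enum

class Verdict(Enum):
    RESIGN = "re-sign with local CA"      # browser sees a valid certificate
    BREAK = "present broken certificate"  # browser shows a warning

# Assumption: names under this suffix are validated against the blockchain only.
BLOCKCHAIN_SUFFIX = ".p2p"

def spki_pin(spki_der: bytes) -> str:
    """SHA-256 fingerprint of the server's public key (SubjectPublicKeyInfo)."""
    return hashlib.sha256(spki_der).hexdigest()

def decide(host, served_spki_der, legacy_chain_ok, chain_records):
    """Return the proxy's verdict for one upstream TLS connection.

    legacy_chain_ok: result of normal chain and hostname validation against
        the trusted legacy CA list (done by the TLS library, not shown here).
    chain_records: hypothetical stand-in for the blockchain lookup,
        mapping name -> expected key pin.
    """
    host = host.rstrip(".").lower()
    if host.endswith(BLOCKCHAIN_SUFFIX):
        expected = chain_records.get(host)
        if expected is None:
            return Verdict.BREAK  # unregistered name: nothing to validate against
        # Only the registered key counts. A legacy CA signature is ignored here,
        # so a CA-issued certificate for a .p2p name cannot override the record.
        ok = hmac.compare_digest(spki_pin(served_spki_der), expected)
        return Verdict.RESIGN if ok else Verdict.BREAK
    return Verdict.RESIGN if legacy_chain_ok else Verdict.BREAK

# Constructed sample data (not real keys or records).
OWNER_KEY = b"constructed-spki-owner"
OTHER_KEY = b"constructed-spki-other"
RECORDS = {"shop.p2p": spki_pin(OWNER_KEY)}
```

Keeping the two trust paths separate is the point of the sketch: a blockchain name never falls back to legacy CA trust, and a legacy name is never accepted on the strength of a blockchain record.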
Title: Re: Here is my rant about namecoin
Post by: toast on September 09, 2014, 11:29:21 pm
It would be nice if one day browsers and all other internet clients would use a standardized interface to ask the OS for the IP address and public key tuple for that domain name as determined by the DNS blockchain software installed on the computer (I'm hoping it's BitShares DNS : ) ). Then the internet client would validate the TLS connection directly using the given public key.

It's fairly standardized, I think this is actually the easiest way. Onramp is via KeyID for secure signin / email to at least get enough users for the first .p2p sites to pop up because the userbase is worth something.
Title: Re: Here is my rant about namecoin
Post by: arhag on September 10, 2014, 03:16:31 am
It would be nice if one day browsers and all other internet clients would use a standardized interface to ask the OS for the IP address and public key tuple for that domain name as determined by the DNS blockchain software installed on the computer (I'm hoping it's BitShares DNS : ) ). Then the internet client would validate the TLS connection directly using the given public key.

It's fairly standardized, I think this is actually the easiest way.

It is? A standard that browser makers all use today (without needing extensions and plugins) that we can plug BitShares DNS right into? What exactly is that and how does it work?