[cryptography] DNSNMC replaces Certificate Authorities with Namecoin and fixes HTTPS security

Eduardo Robles Elvira edulix at gmail.com
Sat Dec 21 16:04:03 EST 2013

Hash: SHA256

On 21/12/13 20:49, Greg wrote:
> Hi list,
> DNSNMC fixes the authentication problems previously described, and
> it addresses all of the problems that with the previously mentioned
> proposals. It does this first by combining DNS with Namecoin (NMC),
> and then by encouraging a “trust only those you know” policy.5
> “Namecoin is an open source decentralized key/value registration
> and transfer system based on Bitcoin technology”.[16] Namecoin
> “squares Zooko’s Triangle”, meaning, it makes it possible to have
> domain names (and other types of identifiers) that are:
> Authenticated: users can be certain that they are not speaking to
> an impostor
> Decentralized: there is no central authority controlling all the
> names
> Human-readable: names look just like today’s domain names
> However, by itself, Namecoin does not provide the means by which
> ordinary users can take advantage of the features it provides.
> Using Namecoin is far too cumbersome for the vast majority of
> internet users, even those with years of computer expertise. For
> one, it cannot be used on mobile devices (like iPhones) in its
> current state because of its network requirements.
> DNSNMC provides the missing “glue” to the Namecoin blockchain that
> makes it immediately accessible to clients of all types with zero
> configuration. A network administrator need only enter the IP
> address of a DNSNMC-compliant DNS server to instantly make the
> information within the blockchain accessible to all of the users
> that she (or he) provides internet access to.
> Paper: http://okturtles.com/other/dnsnmc_okturtles_overview.pdf
> Cheers, Greg Slepak

Hello Greg:

The obvious problem with this is that namecoin doesn't have all the
domain names already registered assigned to the current owners, and
there's no arbitration authority that can prevent domain cibersquatting.

So I can register all the important domains: microsoft, ebay, google,
nsa, whitehouse, you name it, and I will be the owner of them forever.
What's worse, if the domain keys are lost, the domain name is lost too.

There should be a procedure to fix all this in a reasonable manner.
For example, if names in namecoin had to be renovated each year, lost
or unused domains could be recovered. I don't see any simple way to
solve domain name squatting without adding some trusted authority or
some kind of cumbersome/impractical voting mechanism.

For new projects, namecoin is more or less as viable as current DNS
structure: when you are searching for a name, just check that it is
available. But for existing websites, it would require some good luck.
How would you do a smooth transition?


Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/


More information about the cryptography mailing list