[cryptography] DNSNMC replaces Certificate Authorities with Namecoin and fixes HTTPS security

Kevin kevinsisco61784 at gmail.com
Sat Dec 21 22:01:48 EST 2013


On 12/21/2013 6:38 PM, Kelly John Rose wrote:
> This is my concern as well. Part of the current system is the cost of 
> entry. If there is no central authority, and all people can simply 
> create teh domains they want, then there will be the very serious 
> issue of someone going to the microsoft in that domain name space and 
> not getting microsoft, but getting an imposter.
>
> Or worse, someone going to Bank of America and getting an imposter.
>
>
> On Sat, Dec 21, 2013 at 4:04 PM, Eduardo Robles Elvira 
> <edulix at gmail.com <mailto:edulix at gmail.com>> wrote:
>
>     -----BEGIN PGP SIGNED MESSAGE-----
>     Hash: SHA256
>
>     On 21/12/13 20:49, Greg wrote:
>     > Hi list,
>     >
>     > DNSNMC fixes the authentication problems previously described, and
>     > it addresses all of the problems that with the previously mentioned
>     > proposals. It does this first by combining DNS with Namecoin (NMC),
>     > and then by encouraging a "trust only those you know" policy.5
>     >
>     > "Namecoin is an open source decentralized key/value registration
>     > and transfer system based on Bitcoin technology".[16] Namecoin
>     > "squares Zooko's Triangle", meaning, it makes it possible to have
>     > domain names (and other types of identifiers) that are:
>     >
>     > Authenticated: users can be certain that they are not speaking to
>     > an impostor
>     >
>     > Decentralized: there is no central authority controlling all the
>     > names
>     >
>     > Human-readable: names look just like today's domain names
>     >
>     > However, by itself, Namecoin does not provide the means by which
>     > ordinary users can take advantage of the features it provides.
>     > Using Namecoin is far too cumbersome for the vast majority of
>     > internet users, even those with years of computer expertise. For
>     > one, it cannot be used on mobile devices (like iPhones) in its
>     > current state because of its network requirements.
>     >
>     > DNSNMC provides the missing "glue" to the Namecoin blockchain that
>     > makes it immediately accessible to clients of all types with zero
>     > configuration. A network administrator need only enter the IP
>     > address of a DNSNMC-compliant DNS server to instantly make the
>     > information within the blockchain accessible to all of the users
>     > that she (or he) provides internet access to.
>     >
>     > Paper: http://okturtles.com/other/dnsnmc_okturtles_overview.pdf
>     >
>     > Cheers, Greg Slepak
>
>     Hello Greg:
>
>     The obvious problem with this is that namecoin doesn't have all the
>     domain names already registered assigned to the current owners, and
>     there's no arbitration authority that can prevent domain
>     cibersquatting.
>
>     So I can register all the important domains: microsoft, ebay, google,
>     nsa, whitehouse, you name it, and I will be the owner of them forever.
>     What's worse, if the domain keys are lost, the domain name is lost
>     too.
>
>     There should be a procedure to fix all this in a reasonable manner.
>     For example, if names in namecoin had to be renovated each year, lost
>     or unused domains could be recovered. I don't see any simple way to
>     solve domain name squatting without adding some trusted authority or
>     some kind of cumbersome/impractical voting mechanism.
>
>     For new projects, namecoin is more or less as viable as current DNS
>     structure: when you are searching for a name, just check that it is
>     available. But for existing websites, it would require some good luck.
>     How would you do a smooth transition?
>
>     Regards,
>     Eduardo
>
>     -----BEGIN PGP SIGNATURE-----
>     Version: GnuPG v2.0.22 (GNU/Linux)
>     Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
>     iF4EAREIAAYFAlK2AkMACgkQqrnAQZhRnarZDgEAsaB0O3+sV8FEvGkpPATOgWoN
>     md6Wt6TYCdpZ2oUTdkABAI7+NaHF+t2e6cL6v5Jc8vEnfUMCgGTTdxHRBc2Jp9My
>     =48ZL
>     -----END PGP SIGNATURE-----
>     _______________________________________________
>     cryptography mailing list
>     cryptography at randombit.net <mailto:cryptography at randombit.net>
>     http://lists.randombit.net/mailman/listinfo/cryptography
>
>
>
>
> -- 
> Kelly John Rose
> Toronto, ON
> Phone: +1 647 638-4104
> Twitter: @kjrose
> Skype: kjrose.pr <http://kjrose.pr>
> Gtalk: iam at kjro.se <mailto:iam at kjro.se>
> MSN: msn at kjro.se <mailto:msn at kjro.se>
>
> Document contents are confidential between original recipients and sender.
>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
Yes indeed.  I can hear the sounds of a squeaky *cough* backdoor.


-- 
Kevin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20131221/cdd4e8d6/attachment.html>


More information about the cryptography mailing list