[cryptography] First public DNSChain server went online yesterday!

Natanael natanael.l at gmail.com
Sat Feb 8 20:20:19 EST 2014


Den 9 feb 2014 00:53 skrev "Eric Mill" <eric at konklone.com>:
>
> On Sat, Feb 8, 2014 at 4:38 PM, Natanael <natanael.l at gmail.com> wrote:
>>
>> 1: Domains expire unless renewed.
>
> I did not understand that about Namecoin at all, that is A+.
>>
>> 3: The security model of blockchain based systems like Namecoin is that
the primary chain had the greatest amount of proof-of-work behind it, and
you can't fake the proof-of-work. You can try to isolate a node and provide
a fake chain, but the moment the client sees the current main chain it will
see it has more proof-of-work behind it and dismiss the previous shorter
chain.
>
> This isn't what I mean - what if someone is MITMing all your connections
to the blockchain, so you're being presented with all fake chains, and
never have a chance to see the real one? In other words, how is the
connection to the blockchain itself secured? Some DNSSEC equivalent?
>
> -- Eric

That is the isolation scenario I mentioned. You need to find a node
connected to the main network with the longest chain. All nodes has a set
of introduction servers they have hardcoded that they ask about peer IP:s
from the first time they start, from then on they try to maintain a direct
P2P connection to the network themselves.

You're worried about your node being isolated in a network of fake nodes?
Find IP addresses of tons of other hopefully real nodes and tell it to
connect to them. One of the nodes is likely to know the real chain. You can
do this node hunting IRL, by phone, or directly on the Internet.

- Sent from my phone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140209/cd746204/attachment-0001.html>


More information about the cryptography mailing list