[cryptography] First public DNSChain server went online yesterday!

Greg greg at kinostudios.com
Sat Feb 8 20:39:39 EST 2014

One more thought:

Let's take the case where you already have a portion of the blockchain downloaded.

Let's say that at time A you had a complete copy of it.

At time B > A, the NSA decides to not like you and encloses your DNSChain server in a Matrix (I bet they'll even use that term).

Bitcoin itself already has some signature checking for transactions and blocks. The NSA won't be able to convince your server that your friend "id/jon" is someone else. His records can only be modified by himself, because he holds the private key with which he signs his transactions.

They would only be able to censor new information, and feed you false data about things that didn't exist after time B.

So, in this way, new nodes are protected by obscurity, and old nodes are protected by a good memory. ;-)

Censorship is a problem that DNSChain doesn't tackle directly. It tackles authentication.


Please do not email me anything that you are not comfortable also sharing with the NSA.

On Feb 8, 2014, at 7:20 PM, Greg <greg at kinostudios.com> wrote:

> On Feb 8, 2014, at 5:52 PM, Eric Mill <eric at konklone.com> wrote:
>> This isn't what I mean - what if someone is MITMing all your connections to the blockchain, so you're being presented with all fake chains, and never have a chance to see the real one? In other words, how is the connection to the blockchain itself secured? Some DNSSEC equivalent?
> At the moment, I don't believe that bitcoin (and therefore namecoin), offer new nodes any protection from such an attack.
> Simply being a new node is in itself a defense. If you're small fry and nobody knows about your node, why would they bother?
> On the other hand, if someone is out to get you, they can definitely give you a fake version of reality with IP-based attacks and traffic redirection/manipulation. This is true for all networks, and might be an inherent property of the idea of a network.
> So, the first step to mitigate such a "Matrix-like" attack, is to stumble upon a trustworthy node.
> In the movie The Matrix, Neo is actually rescued from his reality-bubble.
> Speaking of which, what's going on in North Korea right now btw? ;-)
> Once you've found a trust-worthy node, live becomes a bit simpler. At that point, cryptographic signatures will protect you from lies, but they won't protect you from censorship on a network that you do not own. You can also use your time with your friendly to grab a copy of the "real" blockchain from them (but how do the two of you know that you're not *both* being held in a reality bubble?!? :-P).
> That is a problem that cannot be tackled by software (as far as I know).
> Other attacks of interest:
> https://en.bitcoin.it/wiki/Weaknesses
> Cheers,
> Greg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140208/88d312d5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140208/88d312d5/attachment-0001.asc>

More information about the cryptography mailing list