public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Matt Corallo <bitcoin-list@bluematt•me>
To: Rick Wesson <rick@support-intelligence•com>
Subject: Re: [Bitcoin-development] bitcoin DNS addresses
Date: Tue, 26 Jul 2011 15:23:39 +0200	[thread overview]
Message-ID: <1311678417.21495.9.camel@Desktop666> (raw)
In-Reply-To: <CAJ1JLts9vcF7bGo8udK9OicWhAUHvmeFDrZQDKBoGQbp-nYGrw@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2640 bytes --]

On Mon, 2011-07-25 at 20:35 -0700, Rick Wesson wrote:
> Matt,
> 
> I started from the premise that I can't remember a bitcoin address but
> I can/do remember email addresses which, as an identity are easy
> labels for humans to remember. The IPv4 address is the metaphor I
> consider. As someone who actually worked on parts of DNSSEC I do
> believe in it -- and that it offers reasonable security for
> transactions.

> Remember MITM attacks on DNS for a transaction are for the sender
> against the merchant, and it is only the wallet ID that would be
> available. These identifiers are something people use "like" an
> identity in that they are frequently shared in public spaces.
> 
Yes, DNSSEC is great if you are running your own recursive name server.
However, that is probably something like 0.01% of the people out there.
If this were to be made secure, one would have to implement a full
recursive nameserver inside of Bitcoin with the root trust anchors
hardcoded in.  This seems like way overkill to do name->address mapping.
(My attack scenario here is coffee shop wifi with the default DNS
resolvers being somewhere at the ISP and a ARP (or other) MITM attack
intercepting and playing with your DNS queries).
Additionally, HTTPS mapping offers some advantages such as ease of
offering up different to different people by eg. IP address (could be
done by setting DNS TTL to 0 and assuming all users will be using a
built-in resolver, but its still not guaranteed that other clients would
use a built-in resolver and then the IP of the resolver is not the same
as the IP of the Bitcoin node).  
Not that DNS is a terrible idea, but there are clear advantages for
using HTTPS (or similar) mapping over DNS and I see no clear advantage
for using DNS over HTTPS (aside from the "that is what it is designed
for" argument, which I would claim is an invalid argument as you have to
consider the technology, not its intent).
> Also, a DNS mapping does not prevent or deny anyone from leveraging
> HTTP(S) for simular mapping. My point is that DNS is designed for name
> to thing mapping and its done a decent job. What I like about the DNS
> is that it is frequently leveraged as a proxy for identity and http
> URIs are not. Where https://wesson.us/ricks-bitcoin-address doesn't
> feel like and identity (to me) and rick.wesson.us does.
> 
> My point is about usability and user experience. Bitcoin if used in
> the DNS might make DNSSEC more popular which IMHO is a good thing.
Hold on there, Bitcoin is still tiny, I highly, highly doubt it will
make a difference to DNSSEC adoption.


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

  parent reply	other threads:[~2011-07-26 13:23 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-07-26  0:29 Rick Wesson
2011-07-26  1:35 ` Matt Corallo
2011-07-26  3:35   ` Rick Wesson
2011-07-26  4:22     ` Luke-Jr
2011-07-26  4:54       ` Rick Wesson
2011-07-26  6:18         ` Luke-Jr
2011-07-26  8:04           ` John Smith
2011-07-26 13:23     ` Matt Corallo [this message]
     [not found]       ` <CAJ1JLtvHubiC_f_a17fnXODs54CCdmxPf8+Zz4M5X9d8VEfFSQ@mail.gmail.com>
     [not found]         ` <1311691885.23041.2.camel@Desktop666>
     [not found]           ` <CAJ1JLtsLXEPFkBuHf6ZKUSVYUnY+NL7TtsEswGvdTYtrZZTXWw@mail.gmail.com>
2011-07-26 16:24             ` Matt Corallo
2011-07-26 16:50               ` Rick Wesson
2011-07-26 17:18                 ` Matt Corallo
2011-07-30 11:34 ` Mike Hearn
2011-07-30 13:42   ` Rick Wesson
2011-07-30 14:07     ` Matt Corallo
2011-07-26 16:32 phantomcircuit

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1311678417.21495.9.camel@Desktop666 \
    --to=bitcoin-list@bluematt$(echo .)me \
    --cc=rick@support-intelligence$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox