From: Matt Corallo <bitcoin-list@bluematt.me>
To: Rick Wesson <rick@support-intelligence.com>
Message-ID: <1311678417.21495.9.camel@Desktop666>
Date: Tue, 26 Jul 2011 15:23:39 +0200
Subject: Re: [Bitcoin-development] bitcoin DNS addresses
On Mon, 2011-07-25 at 20:35 -0700, Rick Wesson wrote:
> Matt,
>
> I started from the premise that I can't remember a bitcoin address but
> I can/do remember email addresses which, as an identity are easy
> labels for humans to remember. The IPv4 address is the metaphor I
> consider. As someone who actually worked on parts of DNSSEC I do
> believe in it -- and that it offers reasonable security for
> transactions.
> Remember MITM attacks on DNS for a transaction are for the sender
> against the merchant, and it is only the wallet ID that would be
> available. These identifiers are something people use "like" an
> identity in that they are frequently shared in public spaces.
>

Yes, DNSSEC is great if you are running your own recursive name server.
However, that is probably something like 0.01% of the people out there.
If this were to be made secure, one would have to implement a full
recursive nameserver inside of Bitcoin with the root trust anchors
hardcoded in. This seems like way overkill to do name->address mapping.
(My attack scenario here is coffee shop wifi with the default DNS
resolvers being somewhere at the ISP and an ARP (or other) MITM attack
intercepting and playing with your DNS queries).

Additionally, HTTPS mapping offers some advantages such as ease of
offering up different to different people by e.g. IP address (could be
done by setting DNS TTL to 0 and assuming all users will be using a
built-in resolver, but it's still not guaranteed that other clients would
use a built-in resolver and then the IP of the resolver is not the same
as the IP of the Bitcoin node).

Not that DNS is a terrible idea, but there are clear advantages for
using HTTPS (or similar) mapping over DNS and I see no clear advantage
for using DNS over HTTPS (aside from the "that is what it is designed
for" argument, which I would claim is an invalid argument as you have to
consider the technology, not its intent).

> Also, a DNS mapping does not prevent or deny anyone from leveraging
> HTTP(S) for similar mapping. My point is that DNS is designed for name
> to thing mapping and its done a decent job. What I like about the DNS
> is that it is frequently leveraged as a proxy for identity and http
> URIs are not. Where https://wesson.us/ricks-bitcoin-address doesn't
> feel like an identity (to me) and rick.wesson.us does.
>
> My point is about usability and user experience. Bitcoin if used in
> the DNS might make DNSSEC more popular which IMHO is a good thing.

Hold on there, Bitcoin is still tiny, I highly, highly doubt it will
make a difference to DNSSEC adoption.
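
The resolver-trust point raised in this message, as an added example that is not part of the original e-mail or of any Bitcoin code: a stub resolver that relies on an upstream resolver sees DNSSEC validation only as the AD bit in the reply header, which nothing on the client side authenticates. The TXT record type, the name `rick.example` and the address strings are constructed placeholders.

```python
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080
AD = 0x0020                  # "Authenticated Data" flag in the DNS header (RFC 4035)
TYPE_TXT, CLASS_IN = 16, 1   # TXT is an assumed record type for the mapping

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_response(txid, qname, txt, ad):
    """Build a minimal response with one TXT answer (constructed sample data)."""
    flags = QR | RD | RA | (AD if ad else 0)
    header = struct.pack("!6H", txid, flags, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    rdata = bytes([len(txt)]) + txt.encode()
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, 0, len(rdata)) + rdata
    return header + question + answer

def parse_response(msg):
    """Return (ad_flag, txt) for a message shaped like build_response() output."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    if qdcount != 1 or ancount != 1:
        raise ValueError("expected one question and one answer")
    pos = 12
    while msg[pos]:              # walk the question name's labels
        pos += msg[pos] + 1
    pos += 1 + 4 + 2             # root label, QTYPE/QCLASS, answer name pointer
    rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    pos += 10
    if rtype != TYPE_TXT or rdlen != msg[pos] + 1:
        raise ValueError("unexpected answer record")
    return bool(flags & AD), msg[pos + 1:pos + rdlen].decode()

def stub_accepts(msg):
    """Non-validating stub policy: use the answer only if upstream set AD."""
    ad, txt = parse_response(msg)
    return txt if ad else None

# Constructed messages: what the validating upstream resolver sent, and what
# arrives if the path between that resolver and the client rewrites the answer.
GENUINE = build_response(0x1A2B, "rick.example", "addr=EXAMPLE-ADDRESS-A", ad=True)
ALTERED = build_response(0x1A2B, "rick.example", "addr=EXAMPLE-ADDRESS-B", ad=True)
UNSIGNED = build_response(0x1A2B, "rick.example", "addr=EXAMPLE-ADDRESS-A", ad=False)

if __name__ == "__main__":
    for label, msg in (("genuine", GENUINE), ("altered", ALTERED), ("unsigned", UNSIGNED)):
        print(label, parse_response(msg), "->", stub_accepts(msg))
```

The genuine and altered messages are byte-identical up to the record data and carry the same flag, so the stub has nothing to tell them apart. The signature check has to run on the client itself, or the channel to the validating resolver has to be authenticated.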