From: Matt Corallo
To: Rick Wesson
Resent-To: bitcoin-development
Date: Tue, 26 Jul 2011 15:23:39 +0200
Message-ID: <1311678417.21495.9.camel@Desktop666>
References: <1311644156.29866.4.camel@Desktop666>
Subject: Re: [Bitcoin-development] bitcoin DNS addresses

On Mon, 2011-07-25 at 20:35 -0700, Rick Wesson wrote:
> Matt,
>
> I started from the premise that I can't remember a bitcoin address but
> I can/do remember email addresses which, as an identity are easy
> labels for humans to remember. The IPv4 address is the metaphor I
> consider. As someone who actually worked on parts of DNSSEC I do
> believe in it -- and that it offers reasonable security for
> transactions.
> Remember MITM attacks on DNS for a transaction are for the sender
> against the merchant, and it is only the wallet ID that would be
> available. These identifiers are something people use "like" an
> identity in that they are frequently shared in public spaces.
>

Yes, DNSSEC is great if you are running your own recursive name server.
However, that is probably something like 0.01% of the people out there.
If this were to be made secure, one would have to implement a full
recursive nameserver inside of Bitcoin with the root trust anchors hardcoded in.
This seems like way overkill to do name->address mapping. (My attack
scenario here is coffee shop wifi with the default DNS resolvers being
somewhere at the ISP and an ARP (or other) MITM attack intercepting and
playing with your DNS queries).
Additionally, HTTPS mapping offers some advantages such as ease of
offering up different to different people by e.g. IP address (could be
done by setting DNS TTL to 0 and assuming all users will be using a
built-in resolver, but it's still not guaranteed that other clients would
use a built-in resolver and then the IP of the resolver is not the same
as the IP of the Bitcoin node).

Not that DNS is a terrible idea, but there are clear advantages for
using HTTPS (or similar) mapping over DNS and I see no clear advantage
for using DNS over HTTPS (aside from the "that is what it is designed
for" argument, which I would claim is an invalid argument as you have to
consider the technology, not its intent).

> Also, a DNS mapping does not prevent or deny anyone from leveraging
> HTTP(S) for similar mapping. My point is that DNS is designed for name
> to thing mapping and its done a decent job. What I like about the DNS
> is that it is frequently leveraged as a proxy for identity and http
> URIs are not. Where https://wesson.us/ricks-bitcoin-address doesn't
> feel like an identity (to me) and rick.wesson.us does.
>
> My point is about usability and user experience. Bitcoin if used in
> the DNS might make DNSSEC more popular which IMHO is a good thing.

Hold on there, Bitcoin is still tiny, I highly, highly doubt it will
make a difference to DNSSEC adoption.
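The point about non-validating clients, as an added example that is not part of the original message: the AD flag a recursive resolver sets after DNSSEC validation is a single unauthenticated header bit, so a stub client can rely on it only when the resolver is trusted and the channel to it is protected (RFC 4035, section 4.9.3). The helper names and the sample messages below are constructed for illustration; `rick.wesson.us` is the name used in the thread.

```python
import struct

QR = 0x8000          # message is a response
RD = 0x0100          # recursion desired
RA = 0x0080          # recursion available
AD = 0x0020          # Authenticated Data: "the resolver validated this"
RCODE_MASK = 0x000F


def build_response(txid, ad, qname="rick.wesson.us"):
    """Constructed sample: DNS response header plus one TXT question, no answers."""
    flags = QR | RD | RA | (AD if ad else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 16, 1)  # QTYPE=TXT, QCLASS=IN


def parse_flags(msg):
    """Decode the header fields a stub resolver looks at."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags = struct.unpack("!HH", msg[:4])
    return {"response": bool(flags & QR),
            "ad": bool(flags & AD),
            "rcode": flags & RCODE_MASK}


def differing_bits(a, b):
    """Number of bits that differ between two equal-length messages."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def may_rely_on_ad(msg, resolver_trusted, channel_secure):
    """Stub policy: AD counts only from a trusted validating resolver
    reached over a protected channel (e.g. a validator on localhost)."""
    f = parse_flags(msg)
    return (f["response"] and f["rcode"] == 0 and f["ad"]
            and resolver_trusted and channel_secure)


if __name__ == "__main__":
    plain = build_response(0x1234, ad=False)
    flagged = build_response(0x1234, ad=True)
    # Nothing in the message authenticates the header, so the two replies
    # are indistinguishable apart from the flag itself.
    print("bits that differ:", differing_bits(plain, flagged))
    print("ISP resolver, open wifi:", may_rely_on_ad(flagged, False, False))
    print("local validating resolver:", may_rely_on_ad(flagged, True, True))
```
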