public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Matt Corallo <bitcoin-list@bluematt.me>
To: bitcoin-development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] bitcoin DNS addresses
Date: Tue, 26 Jul 2011 18:24:36 +0200	[thread overview]
Message-ID: <1311697476.23041.7.camel@Desktop666> (raw)
In-Reply-To: <CAJ1JLtsLXEPFkBuHf6ZKUSVYUnY+NL7TtsEswGvdTYtrZZTXWw@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2632 bytes --]

For some reason my mail client is being thick and not responding
on-list, sorry about that...

On Tue, 2011-07-26 at 08:34 -0700, Rick Wesson wrote:
> > Most OSes dont do any resolving at all, they just query upstream
> > resolvers.  In the case of the coffee shop, that upstream resolver is
> > the attacker.  This attacker can easily just claim that the zone you
> > requested is not DNSSEC signed and return their data and the OS will not
> > be any wiser.  AFAIK, most OSes dont have a mechanism to require the
> > zone queried is DNSSEC signed meaning you have to implement a full DNS
> > resolver in Bitcoin in order for it to be secure.
> 
> Matt,
> 
> The same attack can apply to https with a self signed cert where it is
> the A record that is replaced by the attacker and the https request is
> sent to evil.com's server which responds to the request with an answer
> in the form you expect. This is what lots of malware does on windows
> to steel bank login credentials, securing http doesn't prevent such an
> attack.
If you are using a self-signed cert to do any kind of important data
transfer you are just being stupid.  Here I am assuming your computer
isnt actually compromised, but only the network is, which I think is a
fairly good assumption.
> 
> Windows has supported DNSSEC since 2008 as have most of the unix
> variants, mac osx since 10.3 Android also seems to include DNSSEC
> capable resolvers.
> 
> If this thread is really about DNSSEC then we might move it to a more
> appropriate forum for discussing how applications leverage DNS
> security extensions.  Its taken some years to get the specs done and
> the root signed I expect it to take many more to enable the
> applications to leverage the deployed infrastructure.
No, DNSSEC is very well done, this thread is specifically about the
security implications of using DNSSEC for Bitcoin address communication.
IMO it is not a good idea, as for it to be secure against a coffee-shop
network MITMer you have to implement a full resolver with root trust
anchors and knowledge of root servers in Bitcoin, which does not seem
like a good idea.
> 
> I am interested in working on the issues surrounding usability and I
> find that remembering and communicating a bitcoin address are current
> limiting factors in the acceptance and deployment of this software. My
> goal is for simpler user experience.
I totally agree, however I don't think DNS-based resolving is a good
idea here.  HTTPS does have several advantages over a DNSSEC-based
solution without any significant drawbacks that I can see.

Matt

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

  parent reply	other threads:[~2011-07-26 16:24 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-07-26  0:29 [Bitcoin-development] bitcoin DNS addresses Rick Wesson
2011-07-26  1:35 ` Matt Corallo
2011-07-26  3:35   ` Rick Wesson
2011-07-26  4:22     ` Luke-Jr
2011-07-26  4:54       ` Rick Wesson
2011-07-26  6:18         ` Luke-Jr
2011-07-26  8:04           ` John Smith
2011-07-26 13:23     ` Matt Corallo
     [not found]       ` <CAJ1JLtvHubiC_f_a17fnXODs54CCdmxPf8+Zz4M5X9d8VEfFSQ@mail.gmail.com>
     [not found]         ` <1311691885.23041.2.camel@Desktop666>
     [not found]           ` <CAJ1JLtsLXEPFkBuHf6ZKUSVYUnY+NL7TtsEswGvdTYtrZZTXWw@mail.gmail.com>
2011-07-26 16:24             ` Matt Corallo [this message]
2011-07-26 16:50               ` Rick Wesson
2011-07-26 17:18                 ` Matt Corallo
2011-07-30 11:34 ` Mike Hearn
2011-07-30 13:42   ` Rick Wesson
2011-07-30 14:07     ` Matt Corallo
2011-07-26 16:32 phantomcircuit

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1311697476.23041.7.camel@Desktop666 \
    --to=bitcoin-list@bluematt.me \
    --cc=bitcoin-development@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox