librelist archives

« back to archive

Namecoin and TLS trust decentralization

Namecoin and TLS trust decentralization

From:
active
Date:
2011-09-19 @ 08:48
The namecoin project (http://dot-bit.org) aims to establish a  
decentralized domain name system. This is a crucial part of  
establishing independent infrastructure for a free internet.

With all of the shenanigans surrounding CAs lately (see  
http://cryptome.org/0005/packet-spy.htm for a recent spying story  
involving certificate forgery), it has become blindingly obvious that  
the current state of affairs is unacceptable.

In addition to (and as a nice consequence of) its distributed approach  
to storing DNS records, namecoin offers a solution to this problem.

http://dot-bit.org/Domain_names#TLS_support

Basically, if you trust the distributed namecoin network, you can  
trust the embedded fingerprints. This obsoletes centralized  
certificate authorities. Simply make your own self-signed certificate  
and update your domain's namecoin record with the certificate's  
fingerprint. If your browser is smart enough, it can compare the  
domains certificate with the trusted fingerprint information.

Re: [remailer] Namecoin and TLS trust decentralization

From:
Tom Ritter
Date:
2011-09-19 @ 12:14
> Basically, if you trust the distributed namecoin network, you can  
> trust the embedded fingerprints. This obsoletes centralized  
> certificate authorities. Simply make your own self-signed certificate  
> and update your domain's namecoin record with the certificate's  
> fingerprint. If your browser is smart enough, it can compare the  
> domains certificate with the trusted fingerprint information.

I'll mention this because it's been a topic on another mailing list.

From the site:

>If the certificate is self-signed, the certificate common name matches
the requested hostname, THE CERTIFICATE TIME RANGE IS VALID and the
certificate fingerprint matches one of the fingerprint ...

Emphasis Mine.  I haven't seen anything in here to have a secure clock
sync.  Everyone forgets about this, and I can't blame them, but it is a
general problem.  Now, if you're running namecoin, you're probably a
computer-saavy user and have the correct time set, but for grandmas (who
we want to protect with CA & certs-in-DNS [either Namecoins or DANE])
clock sync is a real concern.

-tom

Re: [remailer] Namecoin and TLS trust decentralization

From:
Moritz Bartl
Date:
2011-09-19 @ 09:10
On 19.09.2011 10:48, active wrote:
> The namecoin project (http://dot-bit.org) aims to establish a  
> decentralized domain name system. This is a crucial part of  
> establishing independent infrastructure for a free internet.

Bitcoin/Namecoin does not scale.

-- 
Moritz Bartl
https://www.torservers.net/

Re: [remailer] Namecoin and TLS trust decentralization

From:
kupo
Date:
2011-09-20 @ 02:25
Greetings Moritz,
I'm familiar with your torservers project and compliment you on it, but 
could you elaborate more on your answer?
-kupo

On Mon, 19 Sep 2011, Moritz Bartl wrote:

> On 19.09.2011 10:48, active wrote:
>> The namecoin project (http://dot-bit.org) aims to establish a
>> decentralized domain name system. This is a crucial part of
>> establishing independent infrastructure for a free internet.
>
> Bitcoin/Namecoin does not scale.
>
> -- 
> Moritz Bartl
> https://www.torservers.net/
>

Re: [remailer] Namecoin and TLS trust decentralization

From:
Moritz Bartl
Date:
2011-09-20 @ 10:37
Hi kupo,

On 20.09.2011 04:25, kupo wrote:
> I'm familiar with your torservers project and compliment you on it, but 
> could you elaborate more on your answer?

Thanks. For a discussion of scalability issues with Bitcoin, see
https://en.bitcoin.it/wiki/Scalability and
https://en.bitcoin.it/wiki/Talk:Scalability

I have to admit that I did not look at it too closely, but I trust
people like Dan Kaminsky and others that have.

-- 
Moritz Bartl
https://www.torservers.net/

Bitcoin scaling

From:
kupo
Date:
2011-09-20 @ 23:48
Hi again Moritz,
I read the two links you provided, I'm not seeing much there against 
bitcoin scaling, I also reading the following forum thread discussing the 
scaling issue. I figured I'd share it. 
https://bitcointalk.org/index.php?topic=34597.0
-kupo


On Tue, 20 Sep 2011, Moritz Bartl wrote:

> Hi kupo,
>
> On 20.09.2011 04:25, kupo wrote:
>> I'm familiar with your torservers project and compliment you on it, but
>> could you elaborate more on your answer?
>
> Thanks. For a discussion of scalability issues with Bitcoin, see
> https://en.bitcoin.it/wiki/Scalability and
> https://en.bitcoin.it/wiki/Talk:Scalability
>
> I have to admit that I did not look at it too closely, but I trust
> people like Dan Kaminsky and others that have.
>
> -- 
> Moritz Bartl
> https://www.torservers.net/
>

Re: [remailer] Bitcoin scaling

From:
Vegard Nossum
Date:
2011-09-21 @ 10:02
On 21 September 2011 01:48, kupo <kupo@damnfbi.tk> wrote:
> Hi again Moritz,
> I read the two links you provided, I'm not seeing much there against
> bitcoin scaling, I also reading the following forum thread discussing the
> scaling issue. I figured I'd share it.
> https://bitcointalk.org/index.php?topic=34597.0
> -kupo

One issue that I haven't seen to be dealt with yet:

The fact that adding a new node to the network inevitably becomes
prohibitively expensive, since it needs to download the complete block
chain. Already new bitcoin users are complaining that it takes a long
time to get started, and the block chain is only half a gigabyte. It
doesn't matter that you only need to download a few kilobytes per
second when the cost of adding a new node to the network is an initial
transfer of multiple gigabytes.

The way I see it, the scaling problem is not so much a problem with
the number of clients, but the amount of data that collects over time
(of course, with more users, the data collected per time unit also
increases).

Cash scales because each user needs only to concern themselves about
their own wallet and their own transactions rather than keep track of
the entire history of the entire economy.


Vegard

Re: [remailer] Bitcoin scaling

From:
Michael Rogers
Date:
2011-09-21 @ 10:22
On 21/09/11 11:02, Vegard Nossum wrote:
> One issue that I haven't seen to be dealt with yet:
> 
> The fact that adding a new node to the network inevitably becomes
> prohibitively expensive, since it needs to download the complete block
> chain.

Sorry if I've missed something, but would it be possible to start one's
local copy of the chain from a block other than the genesis block - say,
the first block created after midnight on 21 September 2011?

If that block was downloaded from a trusted source, or several
independent sources, couldn't subsequent blocks be verified without
needing a complete copy of the chain?

Cheers,
Michael

Re: [remailer] Bitcoin scaling

From:
Vegard Nossum
Date:
2011-09-21 @ 10:58
On 21 September 2011 12:22, Michael Rogers <m--@gmx.com> wrote:
> On 21/09/11 11:02, Vegard Nossum wrote:
>> One issue that I haven't seen to be dealt with yet:
>>
>> The fact that adding a new node to the network inevitably becomes
>> prohibitively expensive, since it needs to download the complete block
>> chain.
>
> Sorry if I've missed something, but would it be possible to start one's
> local copy of the chain from a block other than the genesis block - say,
> the first block created after midnight on 21 September 2011?
>
> If that block was downloaded from a trusted source, or several
> independent sources, couldn't subsequent blocks be verified without
> needing a complete copy of the chain?

As long as a block contains an unspent transaction output (i.e. an
address with a nonzero balance), you need to keep it _somewhere_ in
order to possibly be able to verify it if it is spent some time in the
future.

At the very least you would have to also download a copy of all
unspent transaction outputs at the point of the first full block you
download.

So assuming a trusted source, it seems that you don't necessarily need
to download the entire history of the entire economy (by the Merkle
tree stubbing off process described in the bitcoin paper).


Vegard

Re: [remailer] Bitcoin scaling

From:
kupo
Date:
2011-09-21 @ 19:33
Yes hidden within those three articles is one method for dealing with 
minimal blockchain information. Specifically this is discussed for mobile 
phone applications of bitcoin wallets, where the user is more interested 
in spending them than say generating hashes on the device. Unfortunately 
this is still as-yet-to-be-developed.
-kupo

On Wed, 21 Sep 2011, Vegard Nossum wrote:

> On 21 September 2011 12:22, Michael Rogers <m--@gmx.com> wrote:
>> On 21/09/11 11:02, Vegard Nossum wrote:
>>> One issue that I haven't seen to be dealt with yet:
>>>
>>> The fact that adding a new node to the network inevitably becomes
>>> prohibitively expensive, since it needs to download the complete block
>>> chain.
>>
>> Sorry if I've missed something, but would it be possible to start one's
>> local copy of the chain from a block other than the genesis block - say,
>> the first block created after midnight on 21 September 2011?
>>
>> If that block was downloaded from a trusted source, or several
>> independent sources, couldn't subsequent blocks be verified without
>> needing a complete copy of the chain?
>
> As long as a block contains an unspent transaction output (i.e. an
> address with a nonzero balance), you need to keep it _somewhere_ in
> order to possibly be able to verify it if it is spent some time in the
> future.
>
> At the very least you would have to also download a copy of all
> unspent transaction outputs at the point of the first full block you
> download.
>
> So assuming a trusted source, it seems that you don't necessarily need
> to download the entire history of the entire economy (by the Merkle
> tree stubbing off process described in the bitcoin paper).
>
>
> Vegard
>

Re: [remailer] Bitcoin scaling

From:
active
Date:
2011-09-25 @ 08:30
Quoting kupo <kupo@damnfbi.tk>:

> Yes hidden within those three articles is one method for dealing with
> minimal blockchain information. Specifically this is discussed for mobile
> phone applications of bitcoin wallets, where the user is more interested
> in spending them than say generating hashes on the device. Unfortunately
> this is still as-yet-to-be-developed.
> -kupo

Bitcoinj does this. It was released a few month ago.
http://code.google.com/p/bitcoinj

"BitCoinJ implements the "simplified payment verification" mode of  
Satoshis paper. It does not store a full copy of the block chain,  
rather, it stores what it needs in order to verify transactions with  
the aid of an untrusted peer node."

Mobile clients also exist.
https://market.android.com/details?id=de.schildbach.wallet&hl=en
https://github.com/barmstrong/bitcoin-android

Of course, this thread is concerned with namecoin, which would  
probably be running on big beefy DNS servers anyways.

The issue of scalability is important, of course. However, it has not  
been demonstrated that current limitations are insurmountable. I  
realize that I am inverting the normal burden of proof, but biven the  
fact that other protocols such as bittorrent and gnutella were once  
regarded as failures in waiting that would never scale, I wouldn't yet  
bet against distributed "coin" systems improving their scalability.

We may also keep in mind that systems like namecoin do, in fact, exist  
today and aren't just abstract ideas in an academic paper. Namecoin  
can be used, extended, and improved, if people are really interested  
in developing distributed DNS. Or some ideas can be adopted and put to  
use in different, improved systems. The point is that thoughful  
analysis and criticism , as opposed to laconic negative statements,  
are required if we are to actually build and improve resilient  
infrastructure. Finally, "cypherpunks write code." The tools avaiable  
today would have made the old-timers drool back in the early 90s.

Re: [remailer] Namecoin and TLS trust decentralization

From:
Michael Rogers
Date:
2011-09-19 @ 12:16
On 19/09/11 10:10, Moritz Bartl wrote:
> On 19.09.2011 10:48, active wrote:
>> The namecoin project (http://dot-bit.org) aims to establish a  
>> decentralized domain name system. This is a crucial part of  
>> establishing independent infrastructure for a free internet.
> 
> Bitcoin/Namecoin does not scale.

Neither did Gnutella:
http://www.darkridge.com/~jpr5/doc/gnutella.html

Neither does Tor:
https://netfiles.uiuc.edu/mittal2/www/scaling-anonymity-hotsec10.pdf

If enough people want to fix Namecoin's scalability, I wouldn't bet
against their finding a solution.

Cheers,
Michael