You are describing the problem DANE addresses, see http://tools.ietf.org/html/draft-ietf-dane-protocol-12
Using Secure DNS to Associate Certificates with Domain Names For TLS Abstract TLS and DTLS use PKIX certificates for authenticating the server. Users want their applications to verify that the certificate provided by the TLS server is in fact associated with the domain name they expect. TLSA provides bindings of keys to domains that are asserted not by external entities, but by the entities that operate the DNS. This document describes how to use secure DNS to associate the TLS server's certificate with the intended domain name. For those of you against DNSSEC, DANE leverages it significantly. The point I have been attempting to make is if one to rely on HTTPS, leveraging DANE will allow you to mitigate CAs and use self signed cers but you will need to leverage DNSSEC to bind the self signed cert using DANE and if you are going to rely on DNSSEC for DANE to support HTTPS, why not short-circut this madness and just publish your identifiers and secure the zone via DNSSEC and link in a stub resolver in the client. Short story: transform u...@authority.tld --> _btc.user.athority.tld TXT 1z.... A short i-d is probably a better way to explain, so I will task myself to do that. -rick On Mon, Dec 19, 2011 at 6:46 AM, solar <so...@heliacal.net> wrote: > I think HTTPS, and more specifically x.509 PKI certs and CAs are generally a > good idea and (historical implementation bugs aside) the concept is > technically sound and secure. What is a bad idea (in my opinion) is to trust > a software vendor to decide who you should trust.. thus it is a bad idea for > bitcoin software to promise any trust. > > The part where the concept becomes flawed is trusting 3rd parties who have no > relationship with you, to serve your interests. Now I'm just generalizing > here and this is not universally true.. but internet CAs just want to sell > certificates - they generally don't care beyond that, and they abuse the > certificate validity dates to charge more money. All this is done under the > guise of wanting to provide a secure experience to users without a prior > relationship to the entity being identified. I propose that trying to follow > this paradigm in bitcoin alias resolution is a bad idea because it tries to > solve 2 problems at once, one of which does not have any 'good' solution, and > forces a specific policy. > > First, we need to resolve an alias to a bitcoin address somehow.. but > secondly we need to establish trust with the entity doing the alias > resolution - to make sure that we can trust the response. > > When resolving an alias you will have to query an untrusted server, possibly > being proxied by an 'attacker'. Presumably, an x.509 certificate will be > presented, possibly self signed or chained off a self generated CA or > whatever else.. but if it's your first contact then there is no possible way > to know if it's correct or not. You would have to retrieve the correct > public key of the CA to compare to first, possibly out of band. Get it from > my website, compare it to my business card, send me an email and I'll send it > to you, or get it from some other source using some other pre existing trust > (a centralized and possibly private directory perhaps). The point is, the > reason there is so much disagreement is because there is no good way to trust > the resolver if you don't create that trust relationship prior to resolving > an alias from it. > > I think that having to pre-trust the resolver would be an acceptable solution > to all.. Those whose policy requires a simpler process can get a 3rd party CA > list, much like the ones provided with web browsers and operating systems. > Those with strict verification policies can choose to pre verify every public > key.. and these processes are familiar to many organizations using PKI for > other things already. In a client, presenting the usual certificate detail > dialog, showing the public key, subject, issuer, and thumbprint would be > sufficient to allow users to implement their own policies without forcing it > one way or another. > > Please consider that while some organizations or users might require strong > anonymity and pre existing trust, there are others who may want to do the > opposite and that is just as valid, even if you or 'everyone else' disagrees > with that. In the case of bitcoin, it will be used as part of a larger > system, and whatever concerns are created by 'insecure' alias resolution may > well be addressed in another part of the system. The most successful > standards and implementations are the ones which provide the most flexibility > - primarily because that allows users to extend them in ways the original > designers didn't necessarily plan for. > > Thanks, > Laszlo > > > > On Dec 19, 2011, at 11:44 AM, Andy Parkins wrote: > >> On 2011 December 19 Monday, Jorge Timón wrote: >>> Ok, so HTTP is not an option unless it shows a huge warning. I don't >>> know the HTTPS possible attack, but maybe it needs a warning message >>> too, from what you people are saying. Although using namecoin to >> >> The problems with HTTPS have been social rather than technical. Multiple CAs >> have been strong-armed by governments or tricked into issuing fake >> certificates by scammers. There is no technical measure around that. By >> using the CA certificate we are saying to the system "here is someone I trust >> to issue a certificate". So far, with a large number of CAs, that trust is >> misplaced. >> >> I'm of the opinion though that this problem is outside the remit of bitcoin >> to >> solve. >> >> Perhaps we should be more strict about which CA certificates are trusted by >> the bitcoin client: say restrict it to those who have demonstrably good >> practices for verifying identity; rather than the ridiculous amount of trust >> that comes pre-installed for me in my browser. >> >> >> >> Andy >> >> -- >> Dr Andy Parkins >> andypark...@gmail.com >> ------------------------------------------------------------------------------ >> Learn Windows Azure Live! Tuesday, Dec 13, 2011 >> Microsoft is holding a special Learn Windows Azure training event for >> developers. It will provide a great way to learn Windows Azure and what it >> provides. You can attend the event by watching it streamed LIVE online. >> Learn more at >> http://p.sf.net/sfu/ms-windowsazure_______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > ------------------------------------------------------------------------------ > Learn Windows Azure Live! Tuesday, Dec 13, 2011 > Microsoft is holding a special Learn Windows Azure training event for > developers. It will provide a great way to learn Windows Azure and what it > provides. You can attend the event by watching it streamed LIVE online. > Learn more at http://p.sf.net/sfu/ms-windowsazure > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development ------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
