Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1QlkqX-00083g-7c for bitcoin-development@lists.sourceforge.net; Tue, 26 Jul 2011 16:51:05 +0000 X-ACL-Warn: Received: from mail-gy0-f175.google.com ([209.85.160.175]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1QlkqW-0004TW-6f for bitcoin-development@lists.sourceforge.net; Tue, 26 Jul 2011 16:51:05 +0000 Received: by gyd12 with SMTP id 12so501561gyd.34 for ; Tue, 26 Jul 2011 09:50:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.150.207.19 with SMTP id e19mr2056430ybg.126.1311699058669; Tue, 26 Jul 2011 09:50:58 -0700 (PDT) Received: by 10.151.114.15 with HTTP; Tue, 26 Jul 2011 09:50:58 -0700 (PDT) In-Reply-To: <1311697476.23041.7.camel@Desktop666> References: <1311644156.29866.4.camel@Desktop666> <1311678417.21495.9.camel@Desktop666> <1311691885.23041.2.camel@Desktop666> <1311697476.23041.7.camel@Desktop666> Date: Tue, 26 Jul 2011 09:50:58 -0700 Message-ID: From: Rick Wesson To: Matt Corallo Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.4 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.4 AWL AWL: From: address is in the auto white-list X-Headers-End: 1QlkqW-0004TW-6f Cc: bitcoin-development Subject: Re: [Bitcoin-development] bitcoin DNS addresses X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jul 2011 16:51:05 -0000 [snip] > I totally agree, however I don't think DNS-based resolving is a good > idea here. =A0HTTPS does have several advantages over a DNSSEC-based > solution without any significant drawbacks that I can see. To restate your (con dnssec) points: o DNS resolution of bitcoin addresses is bad because of potential MITM attacks o DNSSEC is not a security measure for mitigating DNS resolution of bitcoin addresses because the application would require its own dnssec enabled stub res= olver Please restate o HTTPS is your preferred method for resolution because? If you can enumerate your advantages so I can develop a proper response to the points you have raised. thanks, -rick