Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <bitcoin-list@bluematt.me>) id 1Qlhc1-0001mb-H6
	for bitcoin-development@lists.sourceforge.net;
	Tue, 26 Jul 2011 13:23:53 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of bluematt.me
	designates 208.79.240.5 as permitted sender)
	client-ip=208.79.240.5; envelope-from=bitcoin-list@bluematt.me;
	helo=smtpauth.rollernet.us; 
Received: from smtpauth.rollernet.us ([208.79.240.5])
	by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.76) id 1Qlhbz-00077n-Va
	for bitcoin-development@lists.sourceforge.net;
	Tue, 26 Jul 2011 13:23:53 +0000
Received: from smtpauth.rollernet.us (localhost [127.0.0.1])
	by smtpauth.rollernet.us (Postfix) with ESMTP id EDCEC594020
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 26 Jul 2011 06:23:30 -0700 (PDT)
Received: from mail.bluematt.me (mail.bluematt.me [IPv6:2001:470:9ff2:2::13])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: @bluematt.me)
	by smtpauth.rollernet.us (Postfix) with ESMTPSA
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 26 Jul 2011 06:23:30 -0700 (PDT)
Received: from [IPv6:2001:470:9ff2:1:2c0:caff:fe33:858b] (unknown
	[IPv6:2001:470:9ff2:1:2c0:caff:fe33:858b])
	by mail.bluematt.me (Postfix) with ESMTPSA id D1121375
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 26 Jul 2011 15:23:39 +0200 (CEST)
From: Matt Corallo <bitcoin-list@bluematt.me>
To: Rick Wesson <rick@support-intelligence.com>
In-Reply-To: <CAJ1JLts9vcF7bGo8udK9OicWhAUHvmeFDrZQDKBoGQbp-nYGrw@mail.gmail.com>
References: <CAJ1JLts5_r6hHoJR-gS-CuuvS00p=RQ6iYbCyOkBDcvgs1xtew@mail.gmail.com>
	<1311644156.29866.4.camel@Desktop666>
	<CAJ1JLts9vcF7bGo8udK9OicWhAUHvmeFDrZQDKBoGQbp-nYGrw@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha1";
	protocol="application/pgp-signature";
	boundary="=-NlmWAARXilQmk8jtGPvo"
Message-ID: <1311678417.21495.9.camel@Desktop666>
Mime-Version: 1.0
Resent-From: Matt Corallo <bitcoin-list@bluematt.me>
Resent-To: bitcoin-development <bitcoin-development@lists.sourceforge.net>
Date: Tue, 26 Jul 2011 15:23:39 +0200
X-Mailer: Evolution 2.32.2 
X-Rollernet-Abuse: Processed by Roller Network Mail Services. Contact
	abuse@rollernet.us to report violations. Abuse policy:
	http://rollernet.us/abuse.php
X-Rollernet-Submit: Submit ID 2212.4e2ebfd2.96481.0
Resent-Message-Id: <20110726132330.EDCEC594020@smtpauth.rollernet.us>
Resent-Date: Tue, 26 Jul 2011 06:23:30 -0700 (PDT)
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1Qlhbz-00077n-Va
Subject: Re: [Bitcoin-development] bitcoin DNS addresses
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 13:23:53 -0000


--=-NlmWAARXilQmk8jtGPvo
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, 2011-07-25 at 20:35 -0700, Rick Wesson wrote:
> Matt,
>=20
> I started from the premise that I can't remember a bitcoin address but
> I can/do remember email addresses which, as an identity are easy
> labels for humans to remember. The IPv4 address is the metaphor I
> consider. As someone who actually worked on parts of DNSSEC I do
> believe in it -- and that it offers reasonable security for
> transactions.

> Remember MITM attacks on DNS for a transaction are for the sender
> against the merchant, and it is only the wallet ID that would be
> available. These identifiers are something people use "like" an
> identity in that they are frequently shared in public spaces.
>=20
Yes, DNSSEC is great if you are running your own recursive name server.
However, that is probably something like 0.01% of the people out there.
If this were to be made secure, one would have to implement a full
recursive nameserver inside of Bitcoin with the root trust anchors
hardcoded in.  This seems like way overkill to do name->address mapping.
(My attack scenario here is coffee shop wifi with the default DNS
resolvers being somewhere at the ISP and a ARP (or other) MITM attack
intercepting and playing with your DNS queries).
Additionally, HTTPS mapping offers some advantages such as ease of
offering up different to different people by eg. IP address (could be
done by setting DNS TTL to 0 and assuming all users will be using a
built-in resolver, but its still not guaranteed that other clients would
use a built-in resolver and then the IP of the resolver is not the same
as the IP of the Bitcoin node). =20
Not that DNS is a terrible idea, but there are clear advantages for
using HTTPS (or similar) mapping over DNS and I see no clear advantage
for using DNS over HTTPS (aside from the "that is what it is designed
for" argument, which I would claim is an invalid argument as you have to
consider the technology, not its intent).
> Also, a DNS mapping does not prevent or deny anyone from leveraging
> HTTP(S) for simular mapping. My point is that DNS is designed for name
> to thing mapping and its done a decent job. What I like about the DNS
> is that it is frequently leveraged as a proxy for identity and http
> URIs are not. Where https://wesson.us/ricks-bitcoin-address doesn't
> feel like and identity (to me) and rick.wesson.us does.
>=20
> My point is about usability and user experience. Bitcoin if used in
> the DNS might make DNSSEC more popular which IMHO is a good thing.
Hold on there, Bitcoin is still tiny, I highly, highly doubt it will
make a difference to DNSSEC adoption.


--=-NlmWAARXilQmk8jtGPvo
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABAgAGBQJOLp/EAAoJEBrh01BD4I5UzGMP/je8lnXEJ8EN2NrQ4aij5WLf
yc8+7AZozIi3SfVTqj7gY+O6sDxojL2yqB3v8Z81qYZU1ZhlllPBhlmmgE5QE4aq
6U7RDAGJ4tAnTVyELWS41z+l9eVeP6Ae5oZoidd1kqAUHk6Nrv9xydfDDCn4mipv
2ZQfrS7OPLFwGhLOp311ZnwD+BwMGpHsCRmGn/PB1h8XSNsyQ91eL37n21kLf3pc
5o8VsubZLP5eKvn0Ia3at4B5dpIylUsh5m5YuppQXLyG2BJzEpaXltjnXww1QoEh
80yFYewbhrqu/G6pNC/TjzjOpJWwisSslF1KcLnZPgUuQfJOKGwWFLd7kk7g8s8X
ur4aSkMCwcNvsXw7JQwdUvgmgMZ4SwH6UO3cVe3iK5Zx+SlWh4aGrlkMDQBssJjG
fVfpK5LD3ubTUqC7DfNHxCdXkVGpCxZinXcCp30ukDDjtZpkNMTXur182sVsugm/
yTBNu7z0pwT46Kw7LA6gTFbHmxTZBYbfUGB0WaJcIwkFQxG15K6jeD7oFdBw8kii
ZX09/RKUlim7WjVUzWeaKZ/ZN+H1JHiuprfd1gVZk8jj58lE4u3lV/wdZDoM+fB0
HyOKUfcMIljCf436aWDMx6Fa9wmxsV7BViMVX/Kb8ISnkRTtE8rmJJ4jpqXFiKPh
xfEOR/EKEVDkOn3O0OKL
=1Zn2
-----END PGP SIGNATURE-----

--=-NlmWAARXilQmk8jtGPvo--