Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <matt@bluematt.me>) id 1QllHC-00042X-3E
	for bitcoin-development@lists.sourceforge.net;
	Tue, 26 Jul 2011 17:18:38 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of bluematt.me
	designates 208.79.240.5 as permitted sender)
	client-ip=208.79.240.5; envelope-from=matt@bluematt.me;
	helo=smtpauth.rollernet.us; 
Received: from smtpauth.rollernet.us ([208.79.240.5])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.76) id 1QllHB-0003cJ-6v
	for bitcoin-development@lists.sourceforge.net;
	Tue, 26 Jul 2011 17:18:38 +0000
Received: from smtpauth.rollernet.us (localhost [127.0.0.1])
	by smtpauth.rollernet.us (Postfix) with ESMTP id 7BAB6594008
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 26 Jul 2011 10:18:17 -0700 (PDT)
Received: from mail.bluematt.me (mail.bluematt.me [IPv6:2001:470:9ff2:2::13])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: @bluematt.me)
	by smtpauth.rollernet.us (Postfix) with ESMTPSA
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 26 Jul 2011 10:18:17 -0700 (PDT)
Received: from [IPv6:2001:470:9ff2:1:2c0:caff:fe33:858b] (unknown
	[IPv6:2001:470:9ff2:1:2c0:caff:fe33:858b])
	by mail.bluematt.me (Postfix) with ESMTPSA id 8972C2D9
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 26 Jul 2011 19:18:26 +0200 (CEST)
From: Matt Corallo <bitcoin-list@bluematt.me>
To: Rick Wesson <rick@support-intelligence.com>
In-Reply-To: <CAJ1JLtskNnCB1cbUBht3oAVWuYPSF82GoNacMbqcN0YGd5Pvxw@mail.gmail.com>
References: <CAJ1JLts5_r6hHoJR-gS-CuuvS00p=RQ6iYbCyOkBDcvgs1xtew@mail.gmail.com>
	<1311644156.29866.4.camel@Desktop666>
	<CAJ1JLts9vcF7bGo8udK9OicWhAUHvmeFDrZQDKBoGQbp-nYGrw@mail.gmail.com>
	<1311678417.21495.9.camel@Desktop666>
	<CAJ1JLtvHubiC_f_a17fnXODs54CCdmxPf8+Zz4M5X9d8VEfFSQ@mail.gmail.com>
	<1311691885.23041.2.camel@Desktop666>
	<CAJ1JLtsLXEPFkBuHf6ZKUSVYUnY+NL7TtsEswGvdTYtrZZTXWw@mail.gmail.com>
	<1311697476.23041.7.camel@Desktop666>
	<CAJ1JLtskNnCB1cbUBht3oAVWuYPSF82GoNacMbqcN0YGd5Pvxw@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha1";
	protocol="application/pgp-signature";
	boundary="=-WJnYKX2iqWswXzvVcRXC"
Message-ID: <1311700678.23041.13.camel@Desktop666>
Mime-Version: 1.0
Resent-From: Matt Corallo <matt@bluematt.me>
Resent-To: bitcoin-development <bitcoin-development@lists.sourceforge.net>
Date: Tue, 26 Jul 2011 19:18:27 +0200
X-Mailer: Evolution 2.32.2 
X-Rollernet-Abuse: Processed by Roller Network Mail Services. Contact
	abuse@rollernet.us to report violations. Abuse policy:
	http://rollernet.us/abuse.php
X-Rollernet-Submit: Submit ID 1ee.4e2ef6d9.26ae0.0
Resent-Message-Id: <20110726171817.7BAB6594008@smtpauth.rollernet.us>
Resent-Date: Tue, 26 Jul 2011 10:18:17 -0700 (PDT)
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1QllHB-0003cJ-6v
Subject: Re: [Bitcoin-development] bitcoin DNS addresses
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 17:18:38 -0000


--=-WJnYKX2iqWswXzvVcRXC
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, 2011-07-26 at 09:50 -0700, Rick Wesson wrote:
> [snip]
>
> > I totally agree, however I don't think DNS-based resolving is a good
> > idea here.  HTTPS does have several advantages over a DNSSEC-based
> > solution without any significant drawbacks that I can see.
>
> To restate your (con dnssec) points:
>    o DNS resolution of bitcoin addresses is bad because of potential
> MITM attacks
>    o DNSSEC is not a security measure for mitigating DNS resolution of
> bitcoin addresses
>       because the application would require its own dnssec enabled stub resolver
That is one point, but yes.
>
> Please restate
>    o HTTPS is your preferred method for resolution because?
Because it allows for the giving of different addresses to each client
based on IP much easier.  It's possible with DNS by setting TTL to 0 and
hoping that Bitcoin clients will be using their own resolver, but that
is far from guaranteed.  Additionally, HTTPS stuff has already been
coded and implemented, so there's that...

Frankly, HTTPS' advantages are very small here, but since they exist,
and DNS has no advantages that I can see, I don't see any reason to go
with DNS here.  I much prefer using a HTTPS library (of which there are
many which have had much more thorough security audits) than a
DNSSEC-implementing DNS recursion library with the root trust anchors
and root servers built-in (are there any?).

Maybe I'm missing something here?

Matt

--=-WJnYKX2iqWswXzvVcRXC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part


--=-WJnYKX2iqWswXzvVcRXC--