MIME-Version: 1.0
In-Reply-To: <F5367391-7CC5-4BCB-9AC4-4E38707DAF81@heliacal.net>
References: <1323728469.78044.YahooMailNeo@web121012.mail.ne1.yahoo.com>
	<CAJna-HjyZv2y9grNdnKKG8k6tn7jdW=zL=vtrALpeW8jkuzV6Q@mail.gmail.com>
	<CAGQP0AEEzOjc2ayOJYgs_oh4RG91Dp4JSHUjyPX=qdp+ri6oSg@mail.gmail.com>
	<201112191145.02427.andyparkins@gmail.com>
	<F5367391-7CC5-4BCB-9AC4-4E38707DAF81@heliacal.net>
Date: Mon, 19 Dec 2011 07:35:51 -0800
Message-ID: <CAJ1JLtvQ-jF4kUO3eZ4aExCJVOQrtB42fwmbCT4yeaiZoQPXSw@mail.gmail.com>
From: Rick Wesson <rick@support-intelligence.com>
To: solar <solar@heliacal.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] [BIP 15] Aliases
Precedence: list

You are describing the problem DANE addresses, see
http://tools.ietf.org/html/draft-ietf-dane-protocol-12


Using Secure DNS to Associate Certificates with Domain Names For TLS

Abstract

   TLS and DTLS use PKIX certificates for authenticating the server.
   Users want their applications to verify that the certificate provided
   by the TLS server is in fact associated with the domain name they
   expect.  TLSA provides bindings of keys to domains that are asserted
   not by external entities, but by the entities that operate the DNS.
   This document describes how to use secure DNS to associate the TLS
   server's certificate with the intended domain name.


For those of you against DNSSEC, DANE leverages it significantly.

The point I have been attempting to make is if one to rely on HTTPS,
leveraging DANE will allow you to mitigate CAs and use self signed
cers but you will need to leverage DNSSEC to bind the self signed cert
using DANE and if you are going to rely on DNSSEC for DANE to support
HTTPS, why not short-circut this madness and just publish your
identifiers and secure the zone via DNSSEC and link in a stub resolver
in the client.

Short story: transform user@authority.tld  --> _btc.user.athority.tld TXT 1=
z....

A short i-d is probably a better way to explain, so I will task myself
to do that.

-rick


On Mon, Dec 19, 2011 at 6:46 AM, solar <solar@heliacal.net> wrote:
> I think HTTPS, and more specifically x.509 PKI certs and CAs are generall=
y a good idea and (historical implementation bugs aside) the concept is tec=
hnically sound and secure. =A0What is a bad idea (in my opinion) is to trus=
t a software vendor to decide who you should trust.. thus it is a bad idea =
for bitcoin software to promise any trust.
>
> The part where the concept becomes flawed is trusting 3rd parties who hav=
e no relationship with you, to serve your interests. =A0Now I'm just genera=
lizing here and this is not universally true.. but internet CAs just want t=
o sell certificates - they generally don't care beyond that, and they abuse=
 the certificate validity dates to charge more money. =A0All this is done u=
nder the guise of wanting to provide a secure experience to users without a=
 prior relationship to the entity being identified. =A0I propose that tryin=
g to follow this paradigm in bitcoin alias resolution is a bad idea because=
 it tries to solve 2 problems at once, one of which does not have any 'good=
' solution, and forces a specific policy.
>
> First, we need to resolve an alias to a bitcoin address somehow.. but sec=
ondly we need to establish trust with the entity doing the alias resolution=
 - to make sure that we can trust the response.
>
> When resolving an alias you will have to query an untrusted server, possi=
bly being proxied by an 'attacker'. =A0Presumably, an x.509 certificate wil=
l be presented, possibly self signed or chained off a self generated CA or =
whatever else.. but if it's your first contact then there is no possible wa=
y to know if it's correct or not. =A0You would have to retrieve the correct=
 public key of the CA to compare to first, possibly out of band. =A0Get it =
from my website, compare it to my business card, send me an email and I'll =
send it to you, or get it from some other source using some other pre exist=
ing trust (a centralized and possibly private directory perhaps). =A0The po=
int is, the reason there is so much disagreement is because there is no goo=
d way to trust the resolver if you don't create that trust relationship pri=
or to resolving an alias from it.
>
> I think that having to pre-trust the resolver would be an acceptable solu=
tion to all.. Those whose policy requires a simpler process can get a 3rd p=
arty CA list, much like the ones provided with web browsers and operating s=
ystems. =A0Those with strict verification policies can choose to pre verify=
 every public key.. and these processes are familiar to many organizations =
using PKI for other things already. =A0In a client, presenting the usual ce=
rtificate detail dialog, showing the public key, subject, issuer, and thumb=
print would be sufficient to allow users to implement their own policies wi=
thout forcing it one way or another.
>
> Please consider that while some organizations or users might require stro=
ng anonymity and pre existing trust, there are others who may want to do th=
e opposite and that is just as valid, even if you or 'everyone else' disagr=
ees with that. =A0In the case of bitcoin, it will be used as part of a larg=
er system, and whatever concerns are created by 'insecure' alias resolution=
 may well be addressed in another part of the system. =A0The most successfu=
l standards and implementations are the ones which provide the most flexibi=
lity - primarily because that allows users to extend them in ways the origi=
nal designers didn't necessarily plan for.
>
> Thanks,
> Laszlo
>
>
>
> On Dec 19, 2011, at 11:44 AM, Andy Parkins wrote:
>
>> On 2011 December 19 Monday, Jorge Tim=F3n wrote:
>>> Ok, so HTTP is not an option unless it shows a huge warning. I don't
>>> know the HTTPS possible attack, but maybe it needs a warning message
>>> too, from what you people are saying. Although using namecoin to
>>
>> The problems with HTTPS have been social rather than technical. =A0Multi=
ple CAs
>> have been strong-armed by governments or tricked into issuing fake
>> certificates by scammers. =A0There is no technical measure around that. =
=A0By
>> using the CA certificate we are saying to the system "here is someone I =
trust
>> to issue a certificate". =A0So far, with a large number of CAs, that tru=
st is
>> misplaced.
>>
>> I'm of the opinion though that this problem is outside the remit of bitc=
oin to
>> solve.
>>
>> Perhaps we should be more strict about which CA certificates are trusted=
 by
>> the bitcoin client: say restrict it to those who have demonstrably good
>> practices for verifying identity; rather than the ridiculous amount of t=
rust
>> that comes pre-installed for me in my browser.
>>
>>
>>
>> Andy
>>
>> --
>> Dr Andy Parkins
>> andyparkins@gmail.com
>> ------------------------------------------------------------------------=
------
>> Learn Windows Azure Live! =A0Tuesday, Dec 13, 2011
>> Microsoft is holding a special Learn Windows Azure training event for
>> developers. It will provide a great way to learn Windows Azure and what =
it
>> provides. You can attend the event by watching it streamed LIVE online.
>> Learn more at http://p.sf.net/sfu/ms-windowsazure_______________________=
________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
> -------------------------------------------------------------------------=
-----
> Learn Windows Azure Live! =A0Tuesday, Dec 13, 2011
> Microsoft is holding a special Learn Windows Azure training event for
> developers. It will provide a great way to learn Windows Azure and what i=
t
> provides. You can attend the event by watching it streamed LIVE online.
> Learn more at http://p.sf.net/sfu/ms-windowsazure
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development