Search found 27 matches
- Wed Jun 11, 2014 5:42 am
- Forum: Project direction
- Topic: [Proposal] Changes to TLS spec + Enforcement of TLS for http
- Replies: 21
- Views: 28978
Re: [Proposal] Changes to TLS spec + Enforcement of TLS for
Assuming that we allow different certs on a per-IP basis, we should consider that users will be using the "import" field to get the IP addresses, and we don't want fingerprints to be accidentally imported in the process. I guess what you are referring to is if someone uses the import field, and wan...
- Fri May 23, 2014 1:32 am
- Forum: Project direction
- Topic: [Proposal] Changes to TLS spec + Enforcement of TLS for http
- Replies: 21
- Views: 28978
Re: [Proposal] Changes to TLS spec + Enforcement of TLS for
My previous post covers both of your issues. ( http://forum.namecoin.info/viewtopic.php?f=5&t=1137&start=10#p7549 ) If a fingerprint is present it must be enforced. It is a lot nicer because the authentication is bound directly to the "location" (ipv4/ipv6/onion). I think we're in agreement that fi...
- Wed May 21, 2014 12:52 pm
- Forum: Project direction
- Topic: [Proposal] Changes to TLS spec + Enforcement of TLS for http
- Replies: 21
- Views: 28978
Re: [Proposal] Changes to TLS spec + Enforcement of TLS for
My previous post covers both of your issues. ( http://forum.namecoin.info/viewtopic.ph ... t=10#p7549 )
If a fingerprint is present it must be enforced. It is a lot nicer because the authentication is bound directly to the "location" (ipv4/ipv6/onion).
If a fingerprint is present it must be enforced. It is a lot nicer because the authentication is bound directly to the "location" (ipv4/ipv6/onion).
- Sun Dec 29, 2013 9:01 am
- Forum: Tools, GUI & other softwares
- Topic: [ANN] Fundraiser for NMC MultiBit Port
- Replies: 39
- Views: 30397
Re: [ANN] Fundraiser for NMC MultiBit Port
I think it would be great if you would get multibit working with namecoin! Even if it is "just" the currency aspects. Someone else can easily build ontop from there to get the other features working. Now I had a quick look to see what would be needed to make this happen and I found this post: https:...
- Sat Dec 28, 2013 8:19 am
- Forum: Project direction
- Topic: [SPEC] Domain name specification
- Replies: 34
- Views: 35744
Re: [SPEC] Domain name specification
With just straight DNS using nmcontrol you can already do TLSA/DANE lookups:
Code: Select all
dig TLSA _443._tcp.lolicore.bit +short
3 0 1 660008F91C07DCF9058CDD5AD2BAF6CC9EAE0F912B8B54744CB7643D 7621B787
- Fri Dec 27, 2013 1:06 am
- Forum: Project direction
- Topic: [Proposal] Namecoin/DNSSEC integration
- Replies: 25
- Views: 17781
Re: [Proposal] Namecoin/DNSSEC integration
If you base64 the data, you can no longer eyeball the fingerprint to compare it to the data directly/other places it is printed out in hex. I don't think the value of being able to visually compare data in the blockchain with the synthesized DS record is enough to spend an extra 50% representing th...
- Tue Dec 24, 2013 11:47 am
- Forum: Project direction
- Topic: [Proposal] Namecoin/DNSSEC integration
- Replies: 25
- Views: 17781
Re: [Proposal] Namecoin/DNSSEC integration
I don't think it should be base64 encoded, because we do not base64 encode any other data to make it more compact. We don't have very much that would otherwise be represented in hex - TLS fingerprints are about the only other thing, and we should base64 those as well. .... gzip the data before inse...
- Tue Dec 24, 2013 4:37 am
- Forum: Project direction
- Topic: [Proposal] Namecoin/DNSSEC integration
- Replies: 25
- Views: 17781
Re: [Proposal] Namecoin/DNSSEC integration
I propose we use base64 encoding instead of hex in order to make the representation a bit more compact. I don't think it should be base64 encoded, because we do not base64 encode any other data to make it more compact. If we really wanted the data to be compact we would use a format such as http://...
- Tue Dec 24, 2013 4:32 am
- Forum: Project direction
- Topic: [Proposal] Namecoin/DNSSEC integration
- Replies: 25
- Views: 17781
Re: [Proposal] Namecoin/DNSSEC integration
My test server is up at namecoin.ryanc.org. DO NOT USE IT FOR ANYTHING CRITICAL! It's rate limited and I reserve the right to take it down and/or reconfigure it without notice or regard to anyone using it. Instructions to follow sometime tomorrow. Also note that my changes to NamecoinToBind have be...
- Tue Dec 24, 2013 1:04 am
- Forum: Project direction
- Topic: DNSChain deprecates Certificate Authorities and fixes HTTPS
- Replies: 11
- Views: 12359
Re: DNSNMC deprecates Certificate Authorities and fixes HTTP
I just want to point out, that right now if you use https://cloudns.com.au/ as your resolver, by using DNSCrypt you have authenticated the cloudns.com.au resolver and you are encrypting your DNS queries. The cloudns.com.au resolver also resolves .bit addresses and returns TLS data for TLSA records....