Search found 80 matches

by renne
Thu Sep 17, 2015 10:48 am
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Re: Namecoin as Root-CA for .bit-domains/identities

You can create as many different X.509 server- or S/MIME-certificates for a <name> as you want. Each one will have a unique RSA key-pair and the X.509 server- or S/MIME-certificate itself will be signed with the private key of the corresponding blockchain wallet. After creation you just install the ...
by renne
Thu Sep 17, 2015 7:47 am
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Re: Namecoin as Root-CA for .bit-domains/identities

Do I understand correctly that your scheme would require a name to stay at the same Namecoin owner address in order to keep the same TLS cert? Yes. The X.509 server- or S/MIME-certificate is generated with the <identity|.bit-domain> as CommonName, own private/public key-pair and signed with the pri...
by renne
Tue Sep 15, 2015 3:59 pm
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Re: Namecoin as Root-CA for .bit-domains/identities

somename wrote:Can you use CORS (http://enable-cors.org/server_nginx.html) or setup a local Web proxy with CORS allowed?
No. It's a HTML5-file with JS on the local disk and opened via "file://". I'm trying to connect to "http://127.0.0.1:8336" to communicate with Namecoind.
by renne
Tue Sep 15, 2015 3:27 pm
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Re: Namecoin as Root-CA for .bit-domains/identities

Would it not be easier to locally create a certificate and add it as a root certificate to the system so that it can be used to authenticate all https .bit requests? Having a certificate per identity/domain in the blockchain would bloat the blockchain a lot. The idea is to sign a server- or S/MIME-...
by renne
Mon Sep 14, 2015 8:36 pm
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Re: Namecoin as Root-CA for .bit-domains/identities

Namecoin-Qt should open an RPC port as long as "server=1" is set in namecoin.conf. "server=1" did the trick. ;) So, going back to your suggestion of generating a certificate from just a public key in the blockchain... it would be interesting if we had a deterministic algorithm for doing this which ...
by renne
Mon Sep 14, 2015 11:16 am
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Re: Namecoin as Root-CA for .bit-domains/identities

Shouldn't be too hard to hook the domain lookup (or some other event that occurs before the TLS handshake), so that only .bit domains that were looked up in the past 10 minutes have visible certificate files. Assuming, of course, that the TLS validation library loads the certificates from the files...
by renne
Sun Sep 13, 2015 10:44 am
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Re: Namecoin as Root-CA for .bit-domains/identities

A clean solution would be to extend Namecoind as a Server-Based Certificate Validation Protocol (SCVP) server. Unfortunately current SSL/TLS-libraries/-applications like OpenSSL don't support SCVP, yet. It would be good for a proof-of-concept implemetation of the blockchain<->X.509-combo as an authe...
by renne
Sun Sep 13, 2015 9:55 am
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Re: Namecoin as Root-CA for .bit-domains/identities

Can a virtual filesystem be used with non-Linux OS's, particularly Windows? Citation of Wikipedia : This implementation of FUSE is available for Linux, FreeBSD, NetBSD (as puffs), DragonFly BSD (as puffs), OpenSolaris, Minix 3, Android and OS X. https://github.com/dokan-dev/dokany seems to be a sim...
by renne
Sat Sep 12, 2015 9:32 am
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Re: Namecoin as Root-CA for .bit-domains/identities

Can you elaborate a bit on how the overlay filesystem would work? Would it require the blockchain to store full certs, or just hashes? Neither! ;) A Namecoin process on every every host would scan the complete blockchain at first start and generate a root certificate for each wallet with valid name...
by renne
Fri Sep 11, 2015 11:14 am
Forum: Project direction
Topic: Namecoin as Root-CA for .bit-domains/identities
Replies: 21
Views: 4843

Namecoin as Root-CA for .bit-domains/identities

The scandals in the last three years with certificate authorities issuing non-validated certificates and intermediate-certificates or being hacked have shown certificate authorities are not reliable which breaks security of SSL/TLS. CAs do not issue certificates for .bit-domains. So I suggest to use...