.bit is supposed to guarantee the authenticity of name/value pairs, not just resist censorship. Web of trust generally doesn't have a proof-of-work component, which for some threat models makes it different from a Nakamoto blockchain.indolering wrote:Whoa, what is our threat model here? Targeted attacks happen on the normal internet and to real banks as well.Providing a signed, open-source, downloadable Javascript file would most likely be fine. However, if a web server is providing this file every time a .bit site is visited, it would be trivial for the server to send malicious JS depending on certain targeted user IP's or destination domains. This would be impossible to verifiably audit.
This is not a theoretical concern; this has happened with a Bitcoin online wallet which stole a specific targeted user's money by serving malicious JS to that user only. (I believe this was mentioned in Bitcoin Magazine a while back.)
.bit improves upon a single point of failure for the internet: DNS-level censorship. There are ambitions to move beyond that, but we have to get to that goal first. This hybrid between DNS forwarding and social networking darknet is a very real way to make .bit relavent in a manner that is as secure as any financial institution. Given the level of scrutiny, it would be at least as secure as the updates we get from the namecoin development servers or Github or Mozilla
Blockchains are distributed trust based crypto. Whether it's by consensus, percentage votes, or darknets, you must rely on other sources for that information.Web of trust is also very different from a Namamoto blockchain in terms of threat model.
Sorry if this is scattered, very late
That said, why not use a downloadable JS file? It could be distributed as a browser addon with minimal extra effort, and that way it's auditable.