Speech.is, breaking out of the alt TLD niche

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Speech.is, breaking out of the alt TLD niche

Post by biolizard89 »

indolering wrote:
Providing a signed, open-source, downloadable Javascript file would most likely be fine. However, if a web server is providing this file every time a .bit site is visited, it would be trivial for the server to send malicious JS depending on certain targeted user IP's or destination domains. This would be impossible to verifiably audit.

This is not a theoretical concern; this has happened with a Bitcoin online wallet which stole a specific targeted user's money by serving malicious JS to that user only. (I believe this was mentioned in Bitcoin Magazine a while back.)
Whoa, what is our threat model here? Targeted attacks happen on the normal internet and to real banks as well.

.bit improves upon a single point of failure for the internet: DNS-level censorship. There are ambitions to move beyond that, but we have to get to that goal first. This hybrid between DNS forwarding and social networking darknet is a very real way to make .bit relavent in a manner that is as secure as any financial institution. Given the level of scrutiny, it would be at least as secure as the updates we get from the namecoin development servers or Github or Mozilla :P
Web of trust is also very different from a Namamoto blockchain in terms of threat model.
Blockchains are distributed trust based crypto. Whether it's by consensus, percentage votes, or darknets, you must rely on other sources for that information.

Sorry if this is scattered, very late :P
.bit is supposed to guarantee the authenticity of name/value pairs, not just resist censorship. Web of trust generally doesn't have a proof-of-work component, which for some threat models makes it different from a Nakamoto blockchain.

That said, why not use a downloadable JS file? It could be distributed as a browser addon with minimal extra effort, and that way it's auditable.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

moa
Posts: 255
Joined: Mon May 23, 2011 6:13 am

Re: Speech.is, breaking out of the alt TLD niche

Post by moa »

... or you could post the hash (or sig or similar) to the JS executable in the namecoin blockchain.

indolering
Posts: 801
Joined: Sun Aug 18, 2013 8:26 pm
os: mac

Re: Speech.is, breaking out of the alt TLD niche

Post by indolering »

biolizard89 wrote: That said, why not use a downloadable JS file? It could be distributed as a browser addon with minimal extra effort, and that way it's auditable.
I think I need to re-frame this discussion, because that's exactly what I am trying to accomplish: a basic JavaScript library that can enable end users to browse .bit websites.

A browser add-on is one way to make .bit reachable by end-users. However, linking to censoredwebsite.bit with a note on how to install the add-on would never become an accepted norm.

Custom DNS, sever-side proxies, etc all lack at least one of these three requirements:
  • Does not require user configuration of system or browser.
  • Server untouched by legal liability of end users.
  • Information about content (DNS info) is transmitted and controlled by users.
Visiting censoredwebsite.bit.tld only requires logging into a social networking site the first time. After that, the browser can query for DNS information from a source unaffiliated with the server. If the destination website needs total control over the browsing session, the user is just forwarded to the IP address listed in the block chain.

Someone could MTM an HTTPS connection but fixing TLS is WAY outside of our threat model. Someone could crack open the server and deliver malicious JavaScript, but that would require a lot more effort than cracking the destination .bit website.

Finally, if we can't design an auditable server capable of serving two static files with reasonably high securely guarantees then ... I think we stand to loose a nerd merit badge or two : (
DNS is much more than a key->value datastore.

Post Reply