Can we ever expect to access .bit domains with Firefox, etc?

AliceWonder
Posts: 24
Joined: Fri Dec 13, 2013 11:49 pm
os: linux

Re: Can we ever expect to access .bit domains with Firefox,

Post by AliceWonder »

It should not depend upon browser plugins to work. That's asking for trouble, I do not want a browser plugin that interferes with where and how the browser gets an IP address associated with a domain name. That's a very dangerous plugin that could have very bad security implications.

DNS servers need to support it. I would attempt to get it into the DNS servers that many home routers include, as well as an option into DNS servers like bind etc. that Linux distributions use.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Can we ever expect to access .bit domains with Firefox,

Post by biolizard89 »

AliceWonder wrote:
> It should not depend upon browser plugins to work. That's asking for trouble, I do not want a browser plugin that interferes with where and how the browser gets an IP address associated with a domain name. That's a very dangerous plugin that could have very bad security implications.
>
> DNS servers need to support it. I would attempt to get it into the DNS servers that many home routers include, as well as an option into DNS servers like bind etc. that Linux distributions use.

First you bash proxies for being bad for security, and then you endorse using generic DNS servers that can't guarantee any of Namecoin's security benefits? This does not seem consistent.

Please elaborate on how an open-source Firefox extension is "very dangerous" and has "very bad security implications." Also please elaborate on how putting the same logic in a bind option is any safer than a Firefox extension.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

AliceWonder
Posts: 24
Joined: Fri Dec 13, 2013 11:49 pm
os: linux

Re: Can we ever expect to access .bit domains with Firefox,

Post by AliceWonder »

The danger is that any extension that alters how a browser gets an IP address to make a request is potentially a vector for malware. If bugs never existed it would not be a problem but bugs do exist.

Browsers should get an IP address from the facilities of the operating system name resolution and should not bypass those facilities.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Can we ever expect to access .bit domains with Firefox,

Post by biolizard89 »

AliceWonder wrote:
> The danger is that any extension that alters how a browser gets an IP address to make a request is potentially a vector for malware. If bugs never existed it would not be a problem but bugs do exist.
>
> Browsers should get an IP address from the facilities of the operating system name resolution and should not bypass those facilities.

Are you claiming that an open-source Firefox extension contains malware, or that it may have an unintentional security issue which may be exploitable by malware?

Since you did not address the other points in my previous post, I will wait for those points to be addressed before I take your objection seriously.

I will, however, note that doing this in the browser is probably safer in terms of the rare case of malware exploiting a resolver bug, since if it's done in the browser, only the web browser is affected by the malware (i.e. the OS update feature and other critical functions are not going to be exploitable).

Thanks.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

AliceWonder
Posts: 24
Joined: Fri Dec 13, 2013 11:49 pm
os: linux

Re: Can we ever expect to access .bit domains with Firefox,

Post by AliceWonder »

No, I'm not making any claims about malware.

I'm making the claim that even open source software can have exploitable bugs (speaking of DNS, look at the history of bind) and there are many different ways such a plugin could be exploited, either through bugs in the plugin itself or possibly even bugs in the browser or a library the browser links against that would allow the plugin to be used for unintended purposes, such as giving fraudulent name resolution for domains either in .bit or even ICANN TLDs.

There's also the possibility of MITM with where the plugin gets the IP addresses it uses when a .bit domain is used.

And since browser add-ons and plugins are often installed as the user, there's always the possibility that malware has altered the plugin itself.

Name resolution should be performed by the operating system facilities where the files and software used to resolve hostnames can not be modified by a normal user or a program running as the normal user.

The effort should be getting resolution of .bit domains into standard nameserver software, such as what *nix users often install on their localhost or what you often find installed on home routers.

That solves the problem elegantly, .bit domains are not treated any differently for name resolution (which means they work for e-mail and other applications as well) - it just works.

Rather than have people install a Firefox plugin, why not have them configure their DNS to use a nameserver that is .bit aware?

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Can we ever expect to access .bit domains with Firefox,

Post by biolizard89 »

Thanks for clarifying, Alice.

AliceWonder wrote:
> No, I'm not making any claims about malware.
>
> I'm making the claim that even open source software can have exploitable bugs (speaking of DNS, look at the history of bind) and there are many different ways such a plugin could be exploited, either through bugs in the plugin itself or possibly even bugs in the browser or a library the browser links against that would allow the plugin to be used for unintended purposes, such as giving fraudulent name resolution for domains either in .bit or even ICANN TLDs.

This is certainly true. But bugs in the browser would just as possibly result in the browser simply asking for an incorrect domain rather than asking for a correct domain but getting an incorrect answer.

AliceWonder wrote:
> There's also the possibility of MITM with where the plugin gets the IP addresses it uses when a .bit domain is used.

The existing browser extensions in use or under development (Convergence for Namecoin and a modified form of DNSSEC-Validator) access nmcontrol or namecoind via a TCP socket to localhost. If your PC is so compromised that MITM'ing localhost is a real threat, then you're screwed no matter what you do. It would probably be far easier to MITM a DNS server sitting on a router than to MITM namecoind on localhost.

AliceWonder wrote:
> And since browser add-ons and plugins are often installed as the user, there's always the possibility that malware has altered the plugin itself.

Firefox allows browser extensions to be signed. I don't use Chrome/IE/Safari/etc. but I assume they have the same feature. If you're talking about malware editing files in your Firefox profile after you install the extension, then I refer you to my above point: if this is really happening, you're screwed no matter what you do.

AliceWonder wrote:
> Name resolution should be performed by the operating system facilities where the files and software used to resolve hostnames can not be modified by a normal user or a program running as the normal user.

I'm not convinced that shoving everything needing security into the OS internals is an established procedure. To my knowledge, well-established security-intensive software like Tor runs as a standard user application. It is sometimes run as a separate user from the client application, or even in separate VMs (e.g. Whonix), but I've never heard anyone claim that Tor should be part of the OS. How is your claim different from that claim?

AliceWonder wrote:
> The effort should be getting resolution of .bit domains into standard nameserver software, such as what *nix users often install on their localhost or what you often find installed on home routers.
>
> That solves the problem elegantly, .bit domains are not treated any differently for name resolution (which means they work for e-mail and other applications as well) - it just works.
>
> Rather than have people install a Firefox plugin, why not have them configure their DNS to use a nameserver that is .bit aware?

Three issues I can think of off the top of my head:

1. The DNS server would have to be run on localhost to prevent surveillance and/or hijacking by a network observer. I also don't think routers are necessarily more trustworthy than a machine the user has direct control over.
2. Most home routers don't have enough storage or memory to run namecoind. It's likely that a lite client will fix this particular issue.
3. There are .bit features which require a proxy and/or application-level support. The TLS feature requires installing a custom CA on your system, which is quite easy to do with a Firefox extension. Tor/I2P/Freenet resolution, TLS, and the proposed "http" and "noheader" fields generally require a proxy rather than a DNS server. (TLS might become doable without a custom CA or proxy using the DANE support that Pagel has been working on... the other features will still require a proxy.)

In any event, look at nmcontrol; it does a lot of what you want. If there's a feature that you think it's missing, by all means bring it up.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5
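
As an added illustration of the routing argued over in the posts above (not code from nmcontrol, Convergence or any Namecoin project): a resolver shim that sends only .bit names to a backend on loopback, leaves ICANN names on the OS path, and fails closed on a bad record. The function names, the `ip`/`map` record layout used here and the sample records are assumptions constructed for the example.

```python
import ipaddress
import json

# Constructed sample records, shaped like the JSON value stored under a d/ name.
SAMPLE_RECORDS = {
    "d/example": '{"ip": "192.0.2.10", "map": {"www": {"ip": ["192.0.2.11"]}}}',
    "d/broken": '{"ip": "not-an-address"}',
}

def backend_is_local(host):
    """Accept only a literal loopback address for the Namecoin backend."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames (even "localhost") are refused in this sketch

def split_bit_name(hostname):
    """'www.example.bit' -> ('d/example', ['www']); None for non-.bit names."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "bit" or not labels[-2]:
        return None
    # Subdomain labels are returned outermost-last so they can walk the map.
    return "d/" + labels[-2], labels[:-2][::-1]

def resolve(hostname, backend_host, lookup, os_resolver):
    """Route .bit to the local backend; every other name goes to the OS untouched."""
    parsed = split_bit_name(hostname)
    if parsed is None:
        return os_resolver(hostname)      # ICANN names never reach the shim logic
    if not backend_is_local(backend_host):
        return None                       # remote backend: refuse rather than trust it
    key, subs = parsed
    try:
        node = json.loads(lookup(key))
        for label in subs:
            node = node["map"][label]
        ips = node["ip"]
        ips = [ips] if isinstance(ips, str) else ips
        # Validate every address before handing it to the caller.
        return [str(ipaddress.ip_address(ip)) for ip in ips]
    except (KeyError, TypeError, ValueError):
        return None  # fail closed: no fallback to ordinary DNS for a .bit name
```
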

virtual_master
Posts: 541
Joined: Mon May 20, 2013 12:03 pm

Re: Can we ever expect to access .bit domains with Firefox,

Post by virtual_master »

AliceWonder wrote:
> It should not depend upon browser plugins to work. That's asking for trouble, I do not want a browser plugin that interferes with where and how the browser gets an IP address associated with a domain name. That's a very dangerous plugin that could have very bad security implications.
>
> DNS servers need to support it. I would attempt to get it into the DNS servers that many home routers include, as well as an option into DNS servers like bind etc. that Linux distributions use.

As Namecoin is a decentralized project, it tries to offer multiple methods for surfing .bit sites.
None of these methods is perfect, but having more options gives the system better robustness and lets it better withstand censorship.
ICANN DNS resolution is a hierarchical, authoritative system. Even if their DNS servers supported .bit domains (it would be very difficult to convince them), relying completely on them would undermine the decentralization principle. But it would be the most comfortable solution for users.
So every solution is a trade-off between different factors.
Let us compare different .bit surfing solutions from different points of view:

solution                          decentralization   security   user comfort   difficulty to solve
webproxy (domain extension)       bad                bad        good           easy
browser plug-in                   good               good       middle         middle
DNS resolve (ICANN servers)       middle             good       best           very difficult
browser integrated DNS resolver   good               good       good           difficult
http://namecoinia.org/
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S

AliceWonder
Posts: 24
Joined: Fri Dec 13, 2013 11:49 pm
os: linux

Re: Can we ever expect to access .bit domains with Firefox,

Post by AliceWonder »

ICANN shouldn't need to. I know with bind it is trivial to make your own TLDs for internal company use, it's been a while but I've done it.

Obviously instead of the zone files a hierarchical DNS server would get the IP addresses from the blockchain but using an actual DNS server, hierarchical or not, means the domains resolve for any Internet application. Links to an RSS feed for example will work even if your preferred RSS reader is external to Firefox.

Things like that.

Well, I'm new to this so I'll shut up now, but it seems to me that the KISS solution is to use nameservers that support .bit. That works everywhere in all applications and does not require installing special code. As ISPs get on board, .bit access will become a natural part of bigger and bigger audiences that just work and no longer will be restricted to geeks to install hackish browser extensions.

Getting Google on board with their 8.8.8.8 and 8.8.4.4 nameservers would be really nice.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Can we ever expect to access .bit domains with Firefox,

Post by biolizard89 »

AliceWonder wrote:
> ICANN shouldn't need to. I know with bind it is trivial to make your own TLDs for internal company use, it's been a while but I've done it.
>
> Obviously instead of the zone files a hierarchical DNS server would get the IP addresses from the blockchain but using an actual DNS server, hierarchical or not, means the domains resolve for any Internet application. Links to an RSS feed for example will work even if your preferred RSS reader is external to Firefox.
>
> Things like that.
>
> Well, I'm new to this so I'll shut up now, but it seems to me that the KISS solution is to use nameservers that support .bit. That works everywhere in all applications and does not require installing special code. As ISPs get on board, .bit access will become a natural part of bigger and bigger audiences that just work and no longer will be restricted to geeks to install hackish browser extensions.
>
> Getting Google on board with their 8.8.8.8 and 8.8.4.4 nameservers would be really nice.

I saw some research a while back that 80% of Firefox users have installed at least 1 browser extension, and the average user has installed 6. So I don't think installing extensions is limited to "geeks" as you say.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Can we ever expect to access .bit domains with Firefox,

Post by phelix »

AliceWonder wrote:
> It should not depend upon browser plugins to work. That's asking for trouble, I do not want a browser plugin that interferes with where and how the browser gets an IP address associated with a domain name. That's a very dangerous plugin that could have very bad security implications.
>
> DNS servers need to support it. I would attempt to get it into the DNS servers that many home routers include, as well as an option into DNS servers like bind etc. that Linux distributions use.

Just don't use the plugin if you don't want to.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum
