how do i get the most out of my dot bits?

Post Reply
names
Posts: 8
Joined: Sun Jul 10, 2016 4:45 pm

how do i get the most out of my dot bits?

Post by names »

how do i take full advantage of namecoins decentralized nature? is it safer to set up a dot bit pointing to an ip address than regular https alone? how do i use name coin as a certificate authority? if i cant yet should we build a dedicated internet browser just for dot bits?

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: how do i get the most out of my dot bits?

Post by biolizard89 »

names wrote:how do i take full advantage of namecoins decentralized nature? is it safer to set up a dot bit pointing to an ip address than regular https alone? how do i use name coin as a certificate authority? if i cant yet should we build a dedicated internet browser just for dot bits?
A non-HTTPS website (regardless of whether it uses Namecoin) is trivially easy to wiretap or MITM. An HTTPS website using an ICANN domain is resistant to such attacks if you trust the centralized certificate authorities. An HTTPS website using a Namecoin domain is resistant to such attacks if you consider the Namecoin blockchain/network to be secure. I tend to think that Namecoin has the potential to be much more trustworthy than centralized CA's.

Namecoin TLS is working in my internal beta (although right now it only works on Chrome on Windows). I'm hoping to get that released fairly soon. (Technically I was aiming for about a week ago, but that deadline slipped a bit.)

Building a dedicated browser isn't easy nor safe unless one has a lot of resources. (For example, Brave seems to be doing an okay job at maintaining a Chromium fork, and Tor seems to be doing an okay job at maintaining a Firefox fork.) We do not have the resources to do that. In any event, a decent number of existing browsers (specifically Chromium and Firefox) expose API's that can be (ab)used to implement Namecoin TLS. I don't really like those API's, since they're annoying to use, but they're doable. I'm attempting to engage with some Google and Mozilla people to see if better API's can be added; no idea if that'll go anywhere.

Cheers!
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

johnc
Posts: 89
Joined: Sun Dec 28, 2014 10:03 am

Re: how do i get the most out of my dot bits?

Post by johnc »

@names

It is safer in the sense that your domain cannot be seized, and you can change the ip faster.

It is not safer in the sense that your website (hosting, content) is neither anonymous or private.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: how do i get the most out of my dot bits?

Post by biolizard89 »

johnc wrote:It is safer in the sense that your domain cannot be seized
Please don't make baseless and reckless claims like this; doing so is unethical and reduces credibility of Namecoin. (To be clear, johnc doesn't represent the Namecoin developers.) I'm aware of multiple cases where Namecoin domains have been seized. Depending on an individual user's threat model, seizure of a Namecoin domain may be easier or more difficult than seizure of an ICANN-based domain name. It is certainly our goal to make seizure of names as difficult as possible, within the design constraints of Namecoin.

This is a topic that is covered in the FAQ: https://namecoin.org/docs/faq/ . (See the "name stealing") section. Suggestions and pull requests for improving that section (or the FAQ generally) are very much welcome.
johnc wrote:and you can change the ip faster.
Assuming that the IP is stored in the blockchain, the speed of changing it is equivalent to the speed of issuing a Bitcoin transaction and then convincing someone that that Bitcoin transaction is valid. Depending on the threat model of the person looking up your domain, the amount of PoW needed to convince them may vary. Storing IP addresses in the blockchain may or may not scale well, depending on the use case and external factors.

For ICANN-based DNS, and for a Namecoin domain name which delegates the IP to a nameserver, the speed of updating the IP depends on the TTL of the record (as well as the behavior of any caching nameservers that might exist).

I think under most of the circumstances I've encountered in my personal usage, Namecoin updates faster. Your results may vary.
johnc wrote:It is not safer in the sense that your website (hosting, content) is neither anonymous or private.
That's true that Namecoin isn't anonymous. "Private" is an ambiguous term. Namecoin domains don't require a real name or email address to be registered (which might make them more private than ICANN-based domain names), but blockchain graph analysis (or P2P network wiretapping) might enable multiple Namecoin transactions to be linked (which is less private than ICANN-based DNS for some threat models). The values of Namecoin names (and their existence) are public and enumerable, which is also less private than ICANN-based DNS.

It's worth stating that we are actively working to improve privacy (including anonymity); there's nothing in the Namecoin design that inherently prevents anonymous registrations, and hiding the values or names of registrations from enumeration has been discussed (it would be an interesting kind of fork called a hard-soft-name-fork, which I need to post a thread about sometime).

From the context of names's post, it sounded to me like the question was specifically about encryption of traffic to a server that has a Namecoin domain; hence why I focused on that aspect in my previous post. @names, was my impression correct, or were you asking about a different aspect of "safety"?

Cheers.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

names
Posts: 8
Joined: Sun Jul 10, 2016 4:45 pm

Re: how do i get the most out of my dot bits?

Post by names »

I was trying to wrap my head around, what benefits I'm getting from using a dot bit in different situations. Ideal situation is use namecoin for the certificate authority and domain registration which i should probably just wait for the ideal situation before mapping to real websites or trying to sell dot bits to corporations.

johnc
Posts: 89
Joined: Sun Dec 28, 2014 10:03 am

Re: how do i get the most out of my dot bits?

Post by johnc »

well, IMHO, i don't know how well bitcoin/namecoin fits for a corporation, apart from preventing domain-squating, since a it guy in charge of this in a company would be able to run away with the money/domains in case he gets fired. So it will probably require a multisignature for example. Companies or goverments that don't trust the US could be interested in this. Namecoin is mostly a free backup solution in case the global dns system is down or censored.

This fits best internet only companies that don't have a physical presence and individual's websites. let's say a newspaper, if their domain name is taken down or hijacked, pooof, it's gone, there is no way to locate them anymore.

And i don't know what biolizard refers to as namecoin domains being seized...

As long as your computer is not compromised, only the domain creator (the one with the namecoin wallet) can change the domain records stored on NMC. A different problem occurs when you fail to update them in time, aka they expire.

update: it is true that a certificate autority could use NMC to publish their public keys etc. for example. just like any domain name could use it to say, hey this is my real address, my real sha-1 fingerprint, to make users aware in case there is ssl eavesdropping etc...

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: how do i get the most out of my dot bits?

Post by biolizard89 »

johnc wrote:And i don't know what biolizard refers to as namecoin domains being seized...

As long as your computer is not compromised, only the domain creator (the one with the namecoin wallet) can change the domain records stored on NMC. A different problem occurs when you fail to update them in time, aka they expire.
A quick look through GitHub and the forum would lead you to multiple cases of people's domains being seized. (Generally speaking, "seized" refers to ownership transfer of a name without the consent of the original owner.) The most common cases where this happens are when the owner loses their private keys, or fails to renew.

As the FAQ I linked to clearly states, there isn't any published analysis of how risk of Namecoin name seizure compares to risk of ICANN-based domain seizure. The FAQ also clearly states some future improvements that we intend to make in order to reduce that risk in Namecoin's case.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply