[3 BTC Bounty] TLS Support for .bit Domains

snailbrain
Posts: 309
Joined: Tue Jul 19, 2011 9:33 pm

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by snailbrain »

we have added the fingerprint field to the QT for domain configuration (although not yet released), will be soon

Image

ninjarobot
Posts: 40
Joined: Tue Jun 04, 2013 4:59 am

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by ninjarobot »

This is getting better and better!

I'm afraid to admit it but I think I caught the Namecoin bug :) (if there is such a thing!)

domob
Posts: 1127
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by domob »

Please excuse me for being ingorant about how Convergence works, but as far as I can tell, this browser plugin does not actually use a local namecoin installation, right? (But maybe you can configure it to work on a local proxy server.) Personally I like to run namecoind on my system, and would love to get .bit resolution done completely without trusting any third party (API server or external DNS or so).

Is this possible with your plugin, or do you plan on implementing this feature in the future? (But maybe I just missed it and it works already like that....) If that is not planned (because you want to avoid the overhead of having to run a namecoind for the user or something like that), what do you and the community think about a separate project which implements .bit (and possibly .tor) resolution based on a local namecoind? Since I'm already working my way into Firefox addons for NameID (and will also need to communicate with a namecoind RPC interface for that), it would possibly be easy to either add this as optional feature to my NameID addon or write up another one based on what I'll have to learn anyway.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

khal
Site Admin
Posts: 708
Joined: Mon May 09, 2011 5:09 pm
os: linux

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by khal »

domob wrote:Please excuse me for being ingorant about how Convergence works, but as far as I can tell, this browser plugin does not actually use a local namecoin installation, right? (But maybe you can configure it to work on a local proxy server.) Personally I like to run namecoind on my system, and would love to get .bit resolution done completely without trusting any third party (API server or external DNS or so).

Is this possible with your plugin, or do you plan on implementing this feature in the future? (But maybe I just missed it and it works already like that....) If that is not planned (because you want to avoid the overhead of having to run a namecoind for the user or something like that), what do you and the community think about a separate project which implements .bit (and possibly .tor) resolution based on a local namecoind? Since I'm already working my way into Firefox addons for NameID (and will also need to communicate with a namecoind RPC interface for that), it would possibly be easy to either add this as optional feature to my NameID addon or write up another one based on what I'll have to learn anyway.
It is a modified version of Convergence that makes rpc calls to nmcontrol (it supports self-signed certificate checks with their hash in namecoin).
nmcontrol is a python program that get data from namecoind (or get them from a file, or anything else we implement, like url), parse them following the specs and return them is the format asked.
nmcontrol currently supports spec v1 for .bit, v2 support is the next thing on my TODO.
nmcontrol also includes a DNS server (among other things) that is able to resolve .bit domains (v1 spec only also for now).

This branch supports :
- .bit DNS resolution for HTTP/HTTPS
- HTTP sites won't be able to go through a proxy

It is not a final code as I need to work on nmcontrol to provide a clean API. When this will be done, the dns_resolution branch will be adapted and merged here and the Convergence.xpi file will be updated.
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T

Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent

domob
Posts: 1127
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by domob »

khal wrote:
domob wrote:Please excuse me for being ingorant about how Convergence works, but as far as I can tell, this browser plugin does not actually use a local namecoin installation, right? (But maybe you can configure it to work on a local proxy server.) Personally I like to run namecoind on my system, and would love to get .bit resolution done completely without trusting any third party (API server or external DNS or so).

Is this possible with your plugin, or do you plan on implementing this feature in the future? (But maybe I just missed it and it works already like that....) If that is not planned (because you want to avoid the overhead of having to run a namecoind for the user or something like that), what do you and the community think about a separate project which implements .bit (and possibly .tor) resolution based on a local namecoind? Since I'm already working my way into Firefox addons for NameID (and will also need to communicate with a namecoind RPC interface for that), it would possibly be easy to either add this as optional feature to my NameID addon or write up another one based on what I'll have to learn anyway.
It is a modified version of Convergence that makes rpc calls to nmcontrol (it supports self-signed certificate checks with their hash in namecoin).
nmcontrol is a python program that get data from namecoind (or get them from a file, or anything else we implement, like url), parse them following the specs and return them is the format asked.
nmcontrol currently supports spec v1 for .bit, v2 support is the next thing on my TODO.
nmcontrol also includes a DNS server (among other things) that is able to resolve .bit domains (v1 spec only also for now).

This branch supports :
- .bit DNS resolution for HTTP/HTTPS
- HTTP sites won't be able to go through a proxy

It is not a final code as I need to work on nmcontrol to provide a clean API. When this will be done, the dns_resolution branch will be adapted and merged here and the Convergence.xpi file will be updated.
Thanks for the info, khal! Looks indeed interesting, if it indeed uses a local namecoind!
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by biolizard89 »

As khal stated, it is using a local namecoind; you are not trusting a third party.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by biolizard89 »

Code updated at the GitHub repo; now DNS resolution of .bit domains works using the new nmcontrol API. @khal feel free to pull my code into your repo, do a version bump, and release a .xpi on the dot-bit site.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by biolizard89 »

New code pushed to GiHub; now HTTP GET requests for .bit domains will go through the Convergence proxy. This *should* allow use of HTTP/SOCKS proxies (including Tor) to access .bit domains. Note that I haven't tested for proxy/DNS leaks (anyone want to test for leaks?), so any use in mission-critical environments is discouraged.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

moa
Posts: 255
Joined: Mon May 23, 2011 6:13 am

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by moa »

biolizard89 wrote:New code pushed to GiHub; now HTTP GET requests for .bit domains will go through the Convergence proxy. This *should* allow use of HTTP/SOCKS proxies (including Tor) to access .bit domains. Note that I haven't tested for proxy/DNS leaks (anyone want to test for leaks?), so any use in mission-critical environments is discouraged.
Cool. I'll be testing this out.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: [3 BTC Bounty] TLS Support for .bit Domains

Post by biolizard89 »

Merged in about 2 years of upstream Convergence commits yesterday. Everything appears to still work, but test reports from people who can build from the latest GitHub code would be greatly appreciated. (And hopefully khal will get a new XPI onto the site soon.)

EDIT: Forgot to say, I also think I fixed a DNS leak which occurred in cases where a nonexistent .bit domain was requested. Now nonexistent .bit domains should just show an error rather than leaking DNS. If someone wants to test for leaks in Wireshark, that would be appreciated.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply