[3 BTC Bounty] TLS Support for .bit Domains
Re: [3 BTC Bounty] TLS Support for .bit Domains
biolizard89, would it need a lot of work to make the Convergence plugin:
- get IP from nmcontrol for a .bit name (imagine nmcontrol can give you the IP directly for a domain/sub-domain)
- intercept HTTP .bit requests too
That way, DNS requests for .bit are private and we are sure .bit requests go to the right IP (no intermediary/remote DNS server).
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
Re: [3 BTC Bounty] TLS Support for .bit Domains
khal wrote:
> biolizard89, would it need a lot of work to make the Convergence plugin:
> - get IP from nmcontrol for a .bit name (imagine nmcontrol can give you the IP directly for a domain/sub-domain)
> - intercept HTTP .bit requests too
> That way, DNS requests for .bit are private and we are sure .bit requests go to the right IP (no intermediary/remote DNS server).
Funnily enough, that occurred to me too. I was actually looking at the Convergence source code this morning to see how easy that would be... it looks like it might be doable. I'll play around with it a bit and see if I can make progress; I'll also post some notes on what I think would need changing.
Re: [3 BTC Bounty] TLS Support for .bit Domains
khal wrote:
> biolizard89, would it need a lot of work to make the Convergence plugin:
> - get IP from nmcontrol for a .bit name (imagine nmcontrol can give you the IP directly for a domain/sub-domain)
> - intercept HTTP .bit requests too
> That way, DNS requests for .bit are private and we are sure .bit requests go to the right IP (no intermediary/remote DNS server).
What is the advantage to changing the DNS server to 127.0.0.1 = nmcontrol?
Re: [3 BTC Bounty] TLS Support for .bit Domains
phelix wrote:
> khal wrote:
> > biolizard89, would it need a lot of work to make the Convergence plugin:
> > - get IP from nmcontrol for a .bit name (imagine nmcontrol can give you the IP directly for a domain/sub-domain)
> > - intercept HTTP .bit requests too
> > That way, DNS requests for .bit are private and we are sure .bit requests go to the right IP (no intermediary/remote DNS server).
> What is the advantage to changing the DNS server to 127.0.0.1 = nmcontrol?
The DNS server needs administrator privileges (for port 53) + changing DNS configuration on the OS.
The disadvantage of Convergence is that it only works in Firefox. But it is sufficient for a lot of people, and it is a good first step.
NamecoinID: id/khal
Re: [3 BTC Bounty] TLS Support for .bit Domains
biolizard89 wrote:
> khal wrote:
> > biolizard89, would it need a lot of work to make the Convergence plugin:
> > - get IP from nmcontrol for a .bit name (imagine nmcontrol can give you the IP directly for a domain/sub-domain)
> > - intercept HTTP .bit requests too
> > That way, DNS requests for .bit are private and we are sure .bit requests go to the right IP (no intermediary/remote DNS server).
> Funnily enough, that occurred to me too. I was actually looking at the Convergence source code this morning to see how easy that would be... it looks like it might be doable. I'll play around with it a bit and see if I can make progress; I'll also post some notes on what I think would need changing.
I have .bit DNS resolution working in Convergence for Namecoin for HTTP domains. I'll upload the code when I have a few minutes. Right now it only checks the "ip" record for the main domain (so anything using ip6/map/alias/ns/etc won't work). Also .bit DNS resolution doesn't work for HTTPS sites (probably fixable), and HTTP sites won't be able to go through a proxy (not easily fixable because Firefox is stupid and doesn't support proxy chains).
khal, any chance nmcontrol could be updated to provide the IP address of an arbitrary .bit domain?
EDIT: Here's the code: https://github.com/JeremyRand/Convergen ... resolution
Re: [3 BTC Bounty] TLS Support for .bit Domains
biolizard89 wrote:
> I have .bit DNS resolution working in Convergence for Namecoin for HTTP domains. I'll upload the code when I have a few minutes. Right now it only checks the "ip" record for the main domain (so anything using ip6/map/alias/ns/etc won't work).
Good
biolizard89 wrote:
> Also .bit DNS resolution doesn't work for HTTPS sites (probably fixable), and HTTP sites won't be able to go through a proxy (not easily fixable because Firefox is stupid and doesn't support proxy chains).
It's not possible to use
Code:
this.connectionManager.setProxyTunnel(proxy);
Code:
return Components.classes["@mozilla.org/network/protocol-proxy-service;1"].getService(Components.interfaces.nsIProtocolProxyService).newProxyInfo("http", ipv4, uri.port==-1 ? 80 : uri.port, 1, 0, null);
biolizard89 wrote:
> khal, any chance nmcontrol could be updated to provide the IP address of an arbitrary .bit domain?
It'll be there in several days (after version 0.4.0 of this: http://dot-bit.org/forum/viewtopic.php?p=4407#p4407).
What API would you see to get data from (sub-)domains? (it should be generic to work for non .bit things too)
Proposal:
Code:
./nmcontrol.py dns getIp domain.bit => returns an array
./nmcontrol.py dns getIp4 domain.bit => returns an array
./nmcontrol.py dns getIp6 domain.bit => returns an array
NamecoinID: id/khal
Re: [3 BTC Bounty] TLS Support for .bit Domains
As far as I can tell, the setProxyTunnel method only applies to HTTPS traffic going through the Convergence proxy. I tried to get HTTP traffic to go through the proxy, but Convergence didn't allow it through (the Convergence proxy only supports HTTPS CONNECT, not HTTP GET). With my current code, HTTP traffic doesn't use the Convergence proxy; it goes directly to the target IP.
For the API, I'd like to see the following features:
getIp4
getIp6
getOnion
getI2p
getFreenet
getFingerprint
All of these would accept a .bit domain as an argument.
In the case of getIp4 and getIp6, I'd like to have the ability to specify in the API call whether to allow DNS leaks (similar to the --private flag in NMCSocks).
EDIT: I have HTTPS working for .bit lookups as well. Code is on my GitHub.
Re: [3 BTC Bounty] TLS Support for .bit Domains
biolizard89 wrote:
> As far as I can tell, the setProxyTunnel method only applies to HTTPS traffic going through the Convergence proxy. I tried to get HTTP traffic to go through the proxy, but Convergence didn't allow it through (the Convergence proxy only supports HTTPS CONNECT, not HTTP GET). With my current code, HTTP traffic doesn't use the Convergence proxy; it goes directly to the target IP.
> For the API, I'd like to see the following features:
> getIp4
> getIp6
> getOnion
> getI2p
> getFreenet
> getFingerprint
> All of these would accept a .bit domain as an argument.
I have a feeling this is becoming big.
We have not even decided on the namespaces for Freenet and I2P, have we? I suggest fn and i2p.
> In the case of getIp4 and getIp6, I'd like to have the ability to specify in the API call whether to allow DNS leaks (similar to the --private flag in NMCSocks).
> EDIT: I have HTTPS working for .bit lookups as well. Code is on my GitHub.
I suggest all should take the private parameter - maybe there will be namecoind servers that feed nmcontrol in the future.
I recommend we change the fingerprint representation in the blockchain to a more compact format. At least it should be possible without colons. Or should we go further and allow base64 or something?
IMHO at least the colons should be completely removed from the namespace spec. Would it be OK if I do that?
Snailbrain is working on a cool name configuration GUI panel so we should decide on this soon.
Re: [3 BTC Bounty] TLS Support for .bit Domains
phelix wrote:
> biolizard89 wrote:
> > As far as I can tell, the setProxyTunnel method only applies to HTTPS traffic going through the Convergence proxy. I tried to get HTTP traffic to go through the proxy, but Convergence didn't allow it through (the Convergence proxy only supports HTTPS CONNECT, not HTTP GET). With my current code, HTTP traffic doesn't use the Convergence proxy; it goes directly to the target IP.
> > For the API, I'd like to see the following features:
> > getIp4
> > getIp6
> > getOnion
> > getI2p
> > getFreenet
> > getFingerprint
> > All of these would accept a .bit domain as an argument.
> I have a feeling this is becoming big.
> We have not even decided on the namespaces for Freenet and I2P, have we? I suggest fn and i2p.
My opinion is that Onion/I2P/Freenet should still be in the d/ namespace. This is useful because it allows a domain owner to prove that they control both an IPv6 and an I2P domain, for example. WikiLeaks used an Onion domain and an IPv4 domain to point to the same server (the submission system); I think the .bit spec should allow such use cases.
The only argument I've heard against this is that it makes blacklisting certain types of records harder, e.g. a user wants to blacklist IPv4 and IPv6 but allow I2P. This can still be accomplished by having the browser plugin / SOCKS proxy have an option to only allow certain types of records (basically the same idea as blacklisting the ns record as the --private flag does in NMCSocks).
> > In the case of getIp4 and getIp6, I'd like to have the ability to specify in the API call whether to allow DNS leaks (similar to the --private flag in NMCSocks).
> > EDIT: I have HTTPS working for .bit lookups as well. Code is on my GitHub.
> I suggest all should take the private parameter - maybe there will be namecoind servers that feed nmcontrol in the future.
> I recommend we change the fingerprint representation in the blockchain to a more compact format. At least it should be possible without colons. Or should we go further and allow base64 or something?
> IMHO at least the colons should be completely removed from the namespace spec. Would it be OK if I do that?
> Snailbrain is working on a cool name configuration GUI panel so we should decide on this soon.
I like the colons because they're more readable. Also, browsers report the fingerprints with colons, so if we removed them from the blockchain, we would have to re-insert them when we compare them to the browser fingerprint. But, I suppose if nmcontrol handled this for us, it wouldn't be a big deal.
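An added example, not part of any post in this thread and not nmcontrol or Convergence code: a Python sketch of the two checks discussed above, namely restricting which record types a resolver will use (with a private mode that drops "ns") and comparing a presented certificate fingerprint against the stored one whether or not either side uses colons. The JSON value layout, the "fingerprint" key name, and all function names are assumptions made for illustration.

```python
import json
import re

ADDRESS_RECORDS = ("ip", "ip6", "ns")  # record names mentioned in the thread


def as_list(found):
    """A record may hold one string or a list of strings; always return a list."""
    return [found] if isinstance(found, str) else list(found)


def usable_records(value_json, private=True, allowed=ADDRESS_RECORDS):
    """Return {record type: values} for the record types the caller accepts.

    private=True drops "ns", so resolution never leaves the local blockchain data.
    """
    value = json.loads(value_json)
    if not isinstance(value, dict):
        raise ValueError("name value must be a JSON object")
    permitted = set(allowed) - ({"ns"} if private else set())
    return {rtype: as_list(value[rtype]) for rtype in permitted if rtype in value}


def normalize_fingerprint(fp):
    """Canonical form for comparison: uppercase hex without colons or spaces."""
    hexdigits = re.sub(r"[:\s]", "", fp).upper()
    if not re.fullmatch(r"(?:[0-9A-F]{2})+", hexdigits):
        raise ValueError("not a hex fingerprint: %r" % fp)
    return hexdigits


def fingerprint_matches(value_json, presented_fp):
    """True if the fingerprint presented by the server is listed in the name."""
    stored = as_list(json.loads(value_json).get("fingerprint", []))  # assumed key name
    return normalize_fingerprint(presented_fp) in {normalize_fingerprint(s) for s in stored}


# Constructed sample values (documentation addresses, made-up fingerprint).
SAMPLE = json.dumps({
    "ip": "192.0.2.10",
    "ip6": ["2001:db8::10"],
    "fingerprint": ["AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD"],
})
DELEGATED = json.dumps({"ns": ["ns1.example.net"]})

if __name__ == "__main__":
    print(usable_records(SAMPLE))
    print(usable_records(DELEGATED), usable_records(DELEGATED, private=False))
    print(fingerprint_matches(SAMPLE, "aabbccddeeff00112233445566778899aabbccdd"))
```

Normalizing both sides before comparing means the stored format (colons or not) can change without touching the comparison logic.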
Re: [3 BTC Bounty] TLS Support for .bit Domains
biolizard89 wrote:
> As far as I can tell, the setProxyTunnel method only applies to HTTPS traffic going through the Convergence proxy. I tried to get HTTP traffic to go through the proxy, but Convergence didn't allow it through (the Convergence proxy only supports HTTPS CONNECT, not HTTP GET). With my current code, HTTP traffic doesn't use the Convergence proxy; it goes directly to the target IP.
> For the API, I'd like to see the following features:
> getIp4
> getIp6
> getOnion
> getI2p
> getFreenet
> getFingerprint
> All of these would accept a .bit domain as an argument.
> In the case of getIp4 and getIp6, I'd like to have the ability to specify in the API call whether to allow DNS leaks (similar to the --private flag in NMCSocks).
> EDIT: I have HTTPS working for .bit lookups as well. Code is on my GitHub.
\o/
checking it out now ....