[3 BTC Bounty] TLS Support for .bit Domains
-
- Posts: 21
- Joined: Mon Apr 01, 2013 12:04 pm
- os: linux
Re: [3 BTC Bounty] TLS Support for .bit Domains
Keep on developing this wonderful project.
It has future.
We should make some fund raising also.
It has future.
We should make some fund raising also.
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: [3 BTC Bounty] TLS Support for .bit Domains
Hey everyone,biolizard89 wrote:NMCSocks has some partial support for TLS, but there are no binaries, and as far as I can tell no one was able to make it build. It's discontinued, so it's doubtful that that code will be fixed/finished.
I am pledging a 1 BTC bounty to the first developer to implement the TLS feature of the .bit 2.0 spec. Requirements (all must be met for the bounty to be awarded):
1. TLS support implemented as described in the .bit 2.0 spec.
2. Source code (under open source license) with build instructions. (Someone must be able to verify that the source code is buildable.)
3. Windows binary. (Obviously Linux/OSX binaries would be awesome, but not a requirement.)
4. Instructions for making it work with Firefox on Windows.
5. I must be able to run the software for 1 week without crashes or other unexpected behavior.
6. Must be posted on this forum.
I think the centralization of the standard TLS infrastructure is a danger to the security of the Internet, and I think that .bit won't catch on if sites can't use TLS. Implementing TLS for .bit in a user-friendly way would help solve both issues.
If unclaimed, this bounty will expire at 11:59PM UTC, March 31, 2013.
(Warning for candidates: the latest binaries of NMCSocks crash periodically on Windows [at least for me], so if you use that code as your base, you'll need to make sure that it can meet requirement 5 above.)
If clarifications are needed about what I'm requesting, just ask. (This is the first bounty I've offered, so if I've made an oversight, please point it out and I'll correct.)
Thanks!
EDIT: total pledges:
1 BTC - biolizard89
1 BTC - phelix
1 BTC - Namecoin Marketing and Development Fund
Two two-letter .bit domains ( https://bitcointalk.org/index.php?topic=66212 ) - phelix
EDIT 2: All pledges extended to July 31, 2013.
As of now, I am claiming the bounty. Source code is at https://github.com/JeremyRand/Convergence/tree/namecoin ; an XPI installer is at http://veclabs.fuzziqersoftware.com/fil ... _06_11.xpi . You'll need Firefox, nmcontrol, and namecoind; see the documentation at GitHub.
This wasn't particularly easy for me, as I'm not fluent in Firefox extensions, but I'm pretty good at Google-fu. Hopefully this generates some interest for Namecoin.
@phelix and everyone else interested -- can you test this out? I'd like to see some test reports. And, assuming this is tested and works as I think it does, how should we go about awarding the bounty? Do I just post a Bitcoin address on the forum? Never done this before....
Thanks!
Re: [3 BTC Bounty] TLS Support for .bit Domains
Woohaa. Sounds great. Give me (and others) a couple of days to take a look. In the meantime you might want to choose your domains from here: https://bitcointalk.org/index.php?topic=66212biolizard89 wrote:Hey everyone,biolizard89 wrote:NMCSocks has some partial support for TLS, but there are no binaries, and as far as I can tell no one was able to make it build. It's discontinued, so it's doubtful that that code will be fixed/finished.
I am pledging a 1 BTC bounty to the first developer to implement the TLS feature of the .bit 2.0 spec. Requirements (all must be met for the bounty to be awarded):
1. TLS support implemented as described in the .bit 2.0 spec.
2. Source code (under open source license) with build instructions. (Someone must be able to verify that the source code is buildable.)
3. Windows binary. (Obviously Linux/OSX binaries would be awesome, but not a requirement.)
4. Instructions for making it work with Firefox on Windows.
5. I must be able to run the software for 1 week without crashes or other unexpected behavior.
6. Must be posted on this forum.
I think the centralization of the standard TLS infrastructure is a danger to the security of the Internet, and I think that .bit won't catch on if sites can't use TLS. Implementing TLS for .bit in a user-friendly way would help solve both issues.
If unclaimed, this bounty will expire at 11:59PM UTC, March 31, 2013.
(Warning for candidates: the latest binaries of NMCSocks crash periodically on Windows [at least for me], so if you use that code as your base, you'll need to make sure that it can meet requirement 5 above.)
If clarifications are needed about what I'm requesting, just ask. (This is the first bounty I've offered, so if I've made an oversight, please point it out and I'll correct.)
Thanks!
EDIT: total pledges:
1 BTC - biolizard89
1 BTC - phelix
1 BTC - Namecoin Marketing and Development Fund
Two two-letter .bit domains ( https://bitcointalk.org/index.php?topic=66212 ) - phelix
EDIT 2: All pledges extended to July 31, 2013.
As of now, I am claiming the bounty. Source code is at https://github.com/JeremyRand/Convergence/tree/namecoin ; an XPI installer is at http://veclabs.fuzziqersoftware.com/fil ... _06_11.xpi . You'll need Firefox, nmcontrol, and namecoind; see the documentation at GitHub.
This wasn't particularly easy for me, as I'm not fluent in Firefox extensions, but I'm pretty good at Google-fu. Hopefully this generates some interest for Namecoin.
@phelix and everyone else interested -- can you test this out? I'd like to see some test reports. And, assuming this is tested and works as I think it does, how should we go about awarding the bounty? Do I just post a Bitcoin address on the forum? Never done this before....
Thanks!
It's preferable to pm me your Bitcoin address otherwise all the world can follow your coins to some extent (and mine).
Re: [3 BTC Bounty] TLS Support for .bit Domains
Another huge win for namecoin ... 2 in 2 days.
Re: [3 BTC Bounty] TLS Support for .bit Domains
I've tested it with a patched nmcontrol (to avoid updating the blockchain for now) and it works !
With the help of biolizard89, we have discovered that the support of SNI (several certificates on 1 ip) is currently broken in the Convergence plugin.
But it is really really promising
Good work biolizard89
With the help of biolizard89, we have discovered that the support of SNI (several certificates on 1 ip) is currently broken in the Convergence plugin.
But it is really really promising
Good work biolizard89
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
Re: [3 BTC Bounty] TLS Support for .bit Domains
I'm on it.
nmcontrol gave me some trouble but everything is fine now. Will post about it where in the nmcontrol thread. I wonder why I have not wrapped my head around nmcontrol before.
While I think it is good to go for nmcontrol, is there a reason besides caching you are going through it and not rpcing into namecoind directly?
Everything looks very good but I would like to have a domain set up and running before I pay the bounties. Can somebody point me to how to create a fingerprint and how to set it up with apache / nginx/tornado ?
nmcontrol gave me some trouble but everything is fine now. Will post about it where in the nmcontrol thread. I wonder why I have not wrapped my head around nmcontrol before.
While I think it is good to go for nmcontrol, is there a reason besides caching you are going through it and not rpcing into namecoind directly?
Everything looks very good but I would like to have a domain set up and running before I pay the bounties. Can somebody point me to how to create a fingerprint and how to set it up with apache / nginx/tornado ?
Re: [3 BTC Bounty] TLS Support for .bit Domains
Feedback wanted :pphelix wrote:I'm on it.
nmcontrol gave me some trouble but everything is fine now. Will post about it where in the nmcontrol thread. I wonder why I have not wrapped my head around nmcontrol before.
For performance reason :p. But, it may not be justificated (I planned to enable namecoin to be shut down and launched each XX hours then export all domains to a file. Not sure how loaded file is managed, all domains loaded into nmcontrol or for each rpc call ? I don't remember. It may have a real reason :p).phelix wrote: While I think it is good to go for nmcontrol, is there a reason besides caching you are going through it and not rpcing into namecoind directly?
Search for self signed certificates, you should find what you want.phelix wrote: Everything looks very good but I would like to have a domain set up and running before I pay the bounties. Can somebody point me to how to create a fingerprint and how to set it up with apache / nginx/tornado ?
Here are my notes on how to get the fingerprint :
Info: http://baruch.siach.name/blog/posts/sha ... _ssl_cert/
Info: http://devsec.org/info/ssl-cert.html
Method 1 :
apt-get install gnutls-bin
gnutls-cli -p 443 dot-bit.bit
Method 2:
First get the raw certificate:
echo Q |openssl s_client -connect mail.example.com:443
Copy the lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- to a file, say cert.pem, and generate the SHA1 fingerprint using:
If you already have the certificate :
openssl x509 -in cert.pem -sha1 -noout -fingerprint
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: [3 BTC Bounty] TLS Support for .bit Domains
I used NMControl because I was hoping to use its domain lookup features to make it easier to support subdomains etc. I later found out that that feature in NMControl is incompletely implemented, so I don't try to parse subdomain fingerprints (probably not hard to do from Javascript, but this is proof of concept). Anyway, I didn't want to redo the RPC code to use namecoind, so I left it on nmcontrol. Caching isn't a big deal because Convergence can cache stuff on its own anyway, but nmcontrol's caching allows us to cache .bit fingerprints while not caching non-Namecoine site fingerprints, so it's a small bonus. Aside from that, interacting with namecoind would require entering the RPC password into Convergence, whereas nmcontrol handles this for us.
You can generate a cert using this command line: http://redmine.lighttpd.net/projects/1/ ... rtificates . Then use the command that khal provided to get its fingerprint.
I used lighttpd for testing; info on installing a cert into it is at http://redmine.lighttpd.net/projects/1/ ... SL#Details .
Also, khal and I noticed that the fingerprint has to be uppercase in your Namecoin record.
You can generate a cert using this command line: http://redmine.lighttpd.net/projects/1/ ... rtificates . Then use the command that khal provided to get its fingerprint.
I used lighttpd for testing; info on installing a cert into it is at http://redmine.lighttpd.net/projects/1/ ... SL#Details .
Also, khal and I noticed that the fingerprint has to be uppercase in your Namecoin record.
Re: [3 BTC Bounty] TLS Support for .bit Domains
I've submitted a patch to allow lowercase fingerprints too : https://github.com/khalahan/Convergence/commits/masterbiolizard89 wrote:Also, khal and I noticed that the fingerprint has to be uppercase in your Namecoin record.
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: [3 BTC Bounty] TLS Support for .bit Domains
Cool, nice work.khal wrote:I've submitted a patch to allow lowercase fingerprints too : https://github.com/khalahan/Convergence/commits/masterbiolizard89 wrote:Also, khal and I noticed that the fingerprint has to be uppercase in your Namecoin record.