Re: [3 BTC Bounty] TLS Support for .bit Domains
Posted: Sun Apr 07, 2013 9:42 am
Keep on developing this wonderful project.
It has future.
We should make some fund raising also.
It has future.
We should make some fund raising also.
The first secure, decentralized, human-meaningful naming system.
https://forum.namecoin.org/
Hey everyone,biolizard89 wrote:NMCSocks has some partial support for TLS, but there are no binaries, and as far as I can tell no one was able to make it build. It's discontinued, so it's doubtful that that code will be fixed/finished.
I am pledging a 1 BTC bounty to the first developer to implement the TLS feature of the .bit 2.0 spec. Requirements (all must be met for the bounty to be awarded):
1. TLS support implemented as described in the .bit 2.0 spec.
2. Source code (under open source license) with build instructions. (Someone must be able to verify that the source code is buildable.)
3. Windows binary. (Obviously Linux/OSX binaries would be awesome, but not a requirement.)
4. Instructions for making it work with Firefox on Windows.
5. I must be able to run the software for 1 week without crashes or other unexpected behavior.
6. Must be posted on this forum.
I think the centralization of the standard TLS infrastructure is a danger to the security of the Internet, and I think that .bit won't catch on if sites can't use TLS. Implementing TLS for .bit in a user-friendly way would help solve both issues.
If unclaimed, this bounty will expire at 11:59PM UTC, March 31, 2013.
(Warning for candidates: the latest binaries of NMCSocks crash periodically on Windows [at least for me], so if you use that code as your base, you'll need to make sure that it can meet requirement 5 above.)
If clarifications are needed about what I'm requesting, just ask. (This is the first bounty I've offered, so if I've made an oversight, please point it out and I'll correct.)
Thanks!
EDIT: total pledges:
1 BTC - biolizard89
1 BTC - phelix
1 BTC - Namecoin Marketing and Development Fund
Two two-letter .bit domains ( https://bitcointalk.org/index.php?topic=66212 ) - phelix
EDIT 2: All pledges extended to July 31, 2013.
Woohaa. Sounds great. Give me (and others) a couple of days to take a look. In the meantime you might want to choose your domains from here: https://bitcointalk.org/index.php?topic=66212biolizard89 wrote:Hey everyone,biolizard89 wrote:NMCSocks has some partial support for TLS, but there are no binaries, and as far as I can tell no one was able to make it build. It's discontinued, so it's doubtful that that code will be fixed/finished.
I am pledging a 1 BTC bounty to the first developer to implement the TLS feature of the .bit 2.0 spec. Requirements (all must be met for the bounty to be awarded):
1. TLS support implemented as described in the .bit 2.0 spec.
2. Source code (under open source license) with build instructions. (Someone must be able to verify that the source code is buildable.)
3. Windows binary. (Obviously Linux/OSX binaries would be awesome, but not a requirement.)
4. Instructions for making it work with Firefox on Windows.
5. I must be able to run the software for 1 week without crashes or other unexpected behavior.
6. Must be posted on this forum.
I think the centralization of the standard TLS infrastructure is a danger to the security of the Internet, and I think that .bit won't catch on if sites can't use TLS. Implementing TLS for .bit in a user-friendly way would help solve both issues.
If unclaimed, this bounty will expire at 11:59PM UTC, March 31, 2013.
(Warning for candidates: the latest binaries of NMCSocks crash periodically on Windows [at least for me], so if you use that code as your base, you'll need to make sure that it can meet requirement 5 above.)
If clarifications are needed about what I'm requesting, just ask. (This is the first bounty I've offered, so if I've made an oversight, please point it out and I'll correct.)
Thanks!
EDIT: total pledges:
1 BTC - biolizard89
1 BTC - phelix
1 BTC - Namecoin Marketing and Development Fund
Two two-letter .bit domains ( https://bitcointalk.org/index.php?topic=66212 ) - phelix
EDIT 2: All pledges extended to July 31, 2013.
As of now, I am claiming the bounty. Source code is at https://github.com/JeremyRand/Convergence/tree/namecoin ; an XPI installer is at http://veclabs.fuzziqersoftware.com/fil ... _06_11.xpi . You'll need Firefox, nmcontrol, and namecoind; see the documentation at GitHub.
This wasn't particularly easy for me, as I'm not fluent in Firefox extensions, but I'm pretty good at Google-fu. Hopefully this generates some interest for Namecoin.
@phelix and everyone else interested -- can you test this out? I'd like to see some test reports. And, assuming this is tested and works as I think it does, how should we go about awarding the bounty? Do I just post a Bitcoin address on the forum? Never done this before....
Thanks!
Feedback wanted :pphelix wrote:I'm on it.
nmcontrol gave me some trouble but everything is fine now. Will post about it where in the nmcontrol thread. I wonder why I have not wrapped my head around nmcontrol before.
For performance reason :p. But, it may not be justificated (I planned to enable namecoin to be shut down and launched each XX hours then export all domains to a file. Not sure how loaded file is managed, all domains loaded into nmcontrol or for each rpc call ? I don't remember. It may have a real reason :p).phelix wrote: While I think it is good to go for nmcontrol, is there a reason besides caching you are going through it and not rpcing into namecoind directly?
Search for self signed certificates, you should find what you want.phelix wrote: Everything looks very good but I would like to have a domain set up and running before I pay the bounties. Can somebody point me to how to create a fingerprint and how to set it up with apache / nginx/tornado ?
Info: http://baruch.siach.name/blog/posts/sha ... _ssl_cert/
Info: http://devsec.org/info/ssl-cert.html
Method 1 :
apt-get install gnutls-bin
gnutls-cli -p 443 dot-bit.bit
Method 2:
First get the raw certificate:
echo Q |openssl s_client -connect mail.example.com:443
Copy the lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- to a file, say cert.pem, and generate the SHA1 fingerprint using:
If you already have the certificate :
openssl x509 -in cert.pem -sha1 -noout -fingerprint
I've submitted a patch to allow lowercase fingerprints too : https://github.com/khalahan/Convergence/commits/masterbiolizard89 wrote:Also, khal and I noticed that the fingerprint has to be uppercase in your Namecoin record.
Cool, nice work.khal wrote:I've submitted a patch to allow lowercase fingerprints too : https://github.com/khalahan/Convergence/commits/masterbiolizard89 wrote:Also, khal and I noticed that the fingerprint has to be uppercase in your Namecoin record.