Name ID

Post Reply
chrisj
Posts: 10
Joined: Mon Jul 29, 2013 8:52 am
os: mac

Name ID

Post by chrisj »

I want to start this tread to make sure I understand NameID after speaking with @domob on my introduction thread. I am more technical than the average person as I used to code when I was a kid, 15 or so year ago but still want to brush up on this so that I can communicate it to others effectively.

In terms of the user's experience:
NameID is a way to sign in to different domains across the net using a 'something you have' rather than 'something you know' security system. It is better than a proprietary federated login like Facebook and Twitter because they are private corporations and we may not want them knowing about all the sites we sign in to?

It is similar to the Yubikey or Google OTP which operates on mobile phones but again it is open source and free.

How is privacy effected? Can other people track my logins on the network?
Are there any additional benefits that I have missed?

Thank-you kindly

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Name ID

Post by domob »

Thanks for your interest! Let me try to explain what NameID does (and doesn't): Simply put, it is an OpenID identity provider - that is, as far as external sites you want to log in are concerned, it is no different than if you used your Google or StackExchange account (which are also OpenID enabled) to log into them. You enter "nameid.org" there, they contact the NameID server and check with it whether or not it thinks you are allowed to use the identity you pretend to be. The difference is however the way you actually prove to NameID that you are who you claim: By signing with your private key instead of a password. That way it is true that this system is somewhat similar to 2FA, because you need to have the namecoin wallet and also know the wallet password (assuming you have one set). However, if your local PC is compromised, than this system won't help you (which is different from 2FA on your phone, for instance, where both devices need to be compromised). This can be possibly solved by using a hardware namecoin wallet in the future, but until then the system is as safe as your namecoin keys are. However, it does protect you (somewhat) against the NameID server being compromised - then an attacker can of course use your NameID OpenID to log into foreign sites (as everyone can that compromises an OpenID identity provider server or even just its domain no matter how the system works behind-the-scenes), but he/she can't get any passwords or password hashes to brute-force or check them against rainbow tables. The NameID server knows nothing about your private keys, it just checks the signature (similarly to how Bitcoin nodes check transactions for validity but don't ever have your private key).

Regarding privacy: The NameID server knows all sites you log into, since that can't be avoided by the way OpenID works. If you trust me, I promise not to keep any logs apart from standard apache server logs, which I regularly delete usually without looking at them as long as I don't have reasonable suspicion that some attack on the server might have been attempted. The code to the site is also free software and you can check it, but of course you can't be sure that this is indeed the code I use on the server. So here's some trust required. On the other hand, a site you log into only gets to know that you use NameID, your namecoin identity name and all the information that you have put into its value field (which is public anyway). It doesn't know what other sites you log into.

If you are still concerned about the security / privacy, you can grab the code and set up your own server as your own private identity provider (or as alternative one for the community) - but note that once you use a particularl server / domain as your OpenID, you always have to use that server to get the same OpenID identity. Furthermore, an additional feature of NameID I envision for the future is that also anyone wanting to operate a web service can just take my authentification code and use it directly, so that users can log into the site without OpenID purely by their namecoin identity without any third-party in-between (and without anyone knowing they logged into the site). But this requires unfortunately support from the persons operating a web service. Note that even the browser plugin should be able to work with such external sites if they do it correctly.

Let me know if anything is still unclear, I'm not sure how understandable my explanation here was!
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

chrisj
Posts: 10
Joined: Mon Jul 29, 2013 8:52 am
os: mac

Re: Name ID

Post by chrisj »

Thanks so much, that's very clear. One of the things that's really scarce right now is trust. We spend a lot of effort on trying to work out whether we can trust one another.

One of the questions you will be asked (but which you don't have to answer now) is: why should people trust you? It comes down to your existing reputation plus the level of accountability you hold yourself to.Technology alone isn't going to make all our problems go away, we still have to work on our relationships.

I'd like to get more synopses like this one on your other projects so that I can build up press pack. PM me when you're free.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Name ID

Post by biolizard89 »

chrisj wrote:Thanks so much, that's very clear. One of the things that's really scarce right now is trust. We spend a lot of effort on trying to work out whether we can trust one another.

One of the questions you will be asked (but which you don't have to answer now) is: why should people trust you? It comes down to your existing reputation plus the level of accountability you hold yourself to.Technology alone isn't going to make all our problems go away, we still have to work on our relationships.

I'd like to get more synopses like this one on your other projects so that I can build up press pack. PM me when you're free.
My 0.02 NMC:

When I'm asked why people should trust me, my first answer is "you shouldn't." That's why I'm a Namecoin fan; Namecoin's design doesn't require you to trust individuals, it simply requires you to trust the plurality of mining hashpower (which seems more reliable than trusting 1, or even 2-3 people). I've been pretty critical of the Namecoin.com add-ons for this reason; I think users who value their security and privacy should either wait for Convergence to support DNS lookups (coming soon, I promise) or use NMControl's DNS daemon, rather than trusting a 3rd-party proxy.

So, my take on NameID is that any website which wants to maintain its security should run their own NameID server, so that only the website itself has access to that data. This is simply the only way to handle security and privacy in an acceptable way for any kind of serious application. I think domob deserves major props for ensuring that the NameID design supports this model out-of-the-box. The problem with this setup is that the website has to run NameID, which I assume requires running namecoind. Most shared hosting services won't allow running namecoind, so this excludes a lot of smaller websites which aren't on a VPS or dedicated hosting. There's really no way around this for the moment, and if users want to trust a 3rd party to overcome this access barrier, that's their choice. I personally think it's an unwise choice (MyBitcoin, Bitcoinica, and InstaWallet come to mind).

Regardless, NameID looks like an awesome Namecoin use case. I just hope that some websites start their own servers rather than relying on a centralized point of failure.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

chrisj
Posts: 10
Joined: Mon Jul 29, 2013 8:52 am
os: mac

Re: Name ID

Post by chrisj »

biolizard89 wrote:
chrisj wrote:Thanks so much, that's very clear. One of the things that's really scarce right now is trust. We spend a lot of effort on trying to work out whether we can trust one another.

One of the questions you will be asked (but which you don't have to answer now) is: why should people trust you? It comes down to your existing reputation plus the level of accountability you hold yourself to.Technology alone isn't going to make all our problems go away, we still have to work on our relationships.

I'd like to get more synopses like this one on your other projects so that I can build up press pack. PM me when you're free.
My 0.02 NMC:

When I'm asked why people should trust me, my first answer is "you shouldn't." That's why I'm a Namecoin fan; Namecoin's design doesn't require you to trust individuals, it simply requires you to trust the plurality of mining hashpower (which seems more reliable than trusting 1, or even 2-3 people). I've been pretty critical of the Namecoin.com add-ons for this reason; I think users who value their security and privacy should either wait for Convergence to support DNS lookups (coming soon, I promise) or use NMControl's DNS daemon, rather than trusting a 3rd-party proxy.

So, my take on NameID is that any website which wants to maintain its security should run their own NameID server, so that only the website itself has access to that data. This is simply the only way to handle security and privacy in an acceptable way for any kind of serious application. I think domob deserves major props for ensuring that the NameID design supports this model out-of-the-box. The problem with this setup is that the website has to run NameID, which I assume requires running namecoind. Most shared hosting services won't allow running namecoind, so this excludes a lot of smaller websites which aren't on a VPS or dedicated hosting. There's really no way around this for the moment, and if users want to trust a 3rd party to overcome this access barrier, that's their choice. I personally think it's an unwise choice (MyBitcoin, Bitcoinica, and InstaWallet come to mind).

Regardless, NameID looks like an awesome Namecoin use case. I just hope that some websites start their own servers rather than relying on a centralized point of failure.
Yes, this is all good. With the proof of work model it is more profitable to be honest than dishonest; this stands in stark contrast to the legacy banking system which rewards fraud more than truth. Now on that basis I can trust the protocol so that I don't have to trust strangers however over time I am going to want to build long term trust with the people within my community. And if someone in that community is hosting a server which will contain their private information some level of trust and accountability will be necessary, as seems to be the case with NameID.

In any case I think this project is hugely undervalued and I really want to help it get recognised so please let's keep this conversation lively as the better I understand it the better I can communicate it to others.

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Name ID

Post by domob »

biolizard89 wrote:When I'm asked why people should trust me, my first answer is "you shouldn't." That's why I'm a Namecoin fan; Namecoin's design doesn't require you to trust individuals, it simply requires you to trust the plurality of mining hashpower (which seems more reliable than trusting 1, or even 2-3 people). I've been pretty critical of the Namecoin.com add-ons for this reason; I think users who value their security and privacy should either wait for Convergence to support DNS lookups (coming soon, I promise) or use NMControl's DNS daemon, rather than trusting a 3rd-party proxy.
I totally agree here. I'm already really looking forward to when Convergence supports DNS lookups! I tried out the NMControl DNS server, but for some reason it worked only sometimes for me. BTW (and sorry for being off-topic), what exactly will Convergence do, just intercept all requests and resolve .bit URIs to the ones pointing to bare IPs? I'm asking because I usually browse with Tor enabled for most sites, and am interested in whether Convergence browsing of .bit domains will interfer with it. If I access a .bit domain with Convergence once this is implemented, will the browser still contact the IP behind it with its ordinary proxy settings (e. g. over Tor in my case)?
biolizard89 wrote:So, my take on NameID is that any website which wants to maintain its security should run their own NameID server, so that only the website itself has access to that data. This is simply the only way to handle security and privacy in an acceptable way for any kind of serious application. I think domob deserves major props for ensuring that the NameID design supports this model out-of-the-box. The problem with this setup is that the website has to run NameID, which I assume requires running namecoind. Most shared hosting services won't allow running namecoind, so this excludes a lot of smaller websites which aren't on a VPS or dedicated hosting. There's really no way around this for the moment, and if users want to trust a 3rd party to overcome this access barrier, that's their choice. I personally think it's an unwise choice (MyBitcoin, Bitcoinica, and InstaWallet come to mind).
To be honest, so far I have not yet "actively" worked towards enabling sites to run their own namecoin login service - but when I find time, I'll do that. Looking at the code again to separate the OpenID stuff even more (if that is necessary) so that it is easy to pick just the authenticator alone will be a first step (although I think it should already be pretty separated), and maybe even writing a small documentation file about how to set up your own server to conclude it. That's definitely on my agenda, because I really agree that it would be awesome if sites allowed to login directly with namecoin! (I was a fan of TLS client certificate login once I learned about it, but now with namecoin this works even better.)

Regarding namecoind: At the moment, NameID performs namecoin operations by forking off a process using the "namecoind" client binary - but I'm also thinking about rewriting the code to use a direct HTTP connection from PHP to the RPC server (as the add-on does, my Bitmessage patch or also Convergence), then one could point it in theory to a third-party RPC server. This would allow one to run such a site on every hoster, as long as one has at least some namecoin RPC server running somewhere which is trusted. This is of course not ideal, but may be better than having no option at all.
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Name ID

Post by biolizard89 »

domob wrote:
biolizard89 wrote:When I'm asked why people should trust me, my first answer is "you shouldn't." That's why I'm a Namecoin fan; Namecoin's design doesn't require you to trust individuals, it simply requires you to trust the plurality of mining hashpower (which seems more reliable than trusting 1, or even 2-3 people). I've been pretty critical of the Namecoin.com add-ons for this reason; I think users who value their security and privacy should either wait for Convergence to support DNS lookups (coming soon, I promise) or use NMControl's DNS daemon, rather than trusting a 3rd-party proxy.
I totally agree here. I'm already really looking forward to when Convergence supports DNS lookups! I tried out the NMControl DNS server, but for some reason it worked only sometimes for me. BTW (and sorry for being off-topic), what exactly will Convergence do, just intercept all requests and resolve .bit URIs to the ones pointing to bare IPs? I'm asking because I usually browse with Tor enabled for most sites, and am interested in whether Convergence browsing of .bit domains will interfer with it. If I access a .bit domain with Convergence once this is implemented, will the browser still contact the IP behind it with its ordinary proxy settings (e. g. over Tor in my case)?
Right now, it depends on whether the site is HTTP or HTTPS. For HTTPS sites, Convergence runs its own proxy which verifies the TLS certificate, and that proxy will detect .bit hosts and redirect the outgoing socket to the correct IP. The Convergence proxy supports connecting to outgoing sockets through another proxy (e.g. Tor), so HTTPS .bit sites will work fine over Tor. (Not tested, but should work.) The Convergence proxy (right now) doesn't support HTTP connections, so I instead trick Firefox into connecting to the correct IP by resolving the .bit domain and using the resulting IP as an HTTP proxy. Due to the way HTTP works, this works fine. However, Firefox does not support proxy chaining, so all HTTP .bit sites won't be able to use proxies. Obviously, I'm not happy about this (I'd much rather be able to use Tor for everything), so I'm investigating potential workarounds. I think the best solution may be to modify the Convergence proxy so that it can handle HTTP requests... I haven't thoroughly figured out how hard this would be, but at first glance it doesn't look really hard.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply