
Introducing the dotDNS metaTLD - Riseed
http://blog.okturtles.com/2014/02/introducing-the-dotdns-metatld/
======
chimeracoder
> dot-DNS makes secure JavaScript apps possible

> today’s JavaScript apps are at the mercy of the security provided by web
> browsers, which are incapable of distinguishing a secure SSL/TLS connection
> from one that’s being man-in-the-middle’d (MITM) by an actor “with a
> privileged network position.”

This section title makes no sense.

There are a lot of reasons that Javascript is bad for cryptographic use (which
have been enumerated at length by others with far more experience in the
field, like tptacek). But this isn't really one of them - or at least, it's
not specific to Javascript.

_Any_ application that makes an HTTP(s) connection is incapable of
distinguishing between one that is secure and one that is being MITMed -
that's the definition of an MITM attack. Certificate pinning (which is good)
is simply a way of making it harder for a connection to be MITMed. If the
browser has pinned the certificate for a particular website, the only way to
MITM it is to compromise the actual private key itself, and use _that_ to fake
a secure connection. (This is of course not what people usually mean when they
talk about MITM attacks, but it fits the same basic structure as one).

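An added illustration of the pinning logic described in the comment above (example code, not from the linked post or any browser): a pin is the SHA-256 digest of a certificate's SubjectPublicKeyInfo, a connection passes if any key in the presented chain matches any pin for the host, and a chain from a trusted but unpinned CA is rejected. The hostnames and the SPKI byte strings are constructed stand-ins, not real keys.

```python
import base64
import hashlib
from typing import Iterable, Optional, Set


def spki_pin(spki_der: bytes) -> str:
    """Base64 SHA-256 pin of a DER-encoded SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Constructed sample keys standing in for real DER SPKI structures.
SITE_KEY = b"constructed-spki-site-leaf-key"
BACKUP_KEY = b"constructed-spki-site-backup-key"
INTERMEDIATE_KEY = b"constructed-spki-intermediate-ca"
ROGUE_CA_KEY = b"constructed-spki-rogue-ca-key"      # trusted by the browser, not pinned
ROGUE_LEAF_KEY = b"constructed-spki-rogue-leaf-key"  # issued for the site by that CA

# Pin store: host -> (includeSubdomains, set of pins). Pinning a backup key
# avoids locking users out when the primary key is rotated.
PINS = {
    "example.com": (True, {spki_pin(SITE_KEY), spki_pin(BACKUP_KEY),
                           spki_pin(INTERMEDIATE_KEY)}),
}


def pins_for(host: str) -> Optional[Set[str]]:
    """Pin set governing `host`: exact entry, or a parent with includeSubdomains."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = PINS.get(".".join(labels[i:]))
        if entry is None:
            continue
        include_sub, pins = entry
        if i == 0 or include_sub:
            return pins
    return None


def chain_passes_pins(host: str, chain_spkis: Iterable[bytes]) -> bool:
    """True if the host is unpinned, or some key in the chain matches a pin.

    Only chains that already passed ordinary CA validation should reach this
    check; pinning narrows which *valid* chains are acceptable. It cannot
    detect a MITM performed with the pinned private key itself.
    """
    pins = pins_for(host)
    if pins is None:
        return True
    return any(spki_pin(key) in pins for key in chain_spkis)
```

Because the pin set is matched against every key in the chain, the site can keep pinning the intermediate CA key while rotating its leaf key.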
~~~
pera
> This section title makes no sense.

I agree

> There are a lot of reasons that Javascript is bad for cryptographic use

Wrong. Javascript is a language; the problem is the platform: client-side
scripting is dangerous, but add-on or server-side through Node.js could be
fine.

~~~
hdevalence
The aforementioned article discusses why there are problems with Javascript
itself, e.g., the difficulty in protecting against timing attacks.

~~~
pera
Yet not every cryptosystem is affected by timing attacks.

------
tptacek
_Certificate pinning cannot stop this type of mass-surveillance. It is a
band-aid that some companies use to mitigate the problem for their specific
applications._

PKP is obviously a band-aid, and nobody involved with it says otherwise; it's
a static list delivered with browsers. But the idea of pinning scales just
fine and isn't simply a band-aid. The TACK proposal allows every site to
assert their own pins, and does in fact largely mitigate the risks of a
compromised certificate authority.

[https://tools.ietf.org/html/draft-perrin-tls-tack-02](https://tools.ietf.org/html/draft-perrin-tls-tack-02)

It's disingenuous to argue that Google and Mozilla implement PKP simply to
protect their own properties. They protect many properties other than their
own.

~~~
higherpurpose
But Google and Mozilla aren't implementing TACK, are they?

~~~
tptacek
The code exists for NSS. There are multiple CA mitigation technologies under
consideration right now. CT seems to be the priority. Watch Chris Palmer's
TrustyCon presentation for more details.

~~~
itistoday2
_There are multiple CA mitigation technologies under consideration right now._

Do these "mitigation technologies" require us to continue paying CAs
protection money? From what I read about TACK, it seems like it doesn't
require that, but what's actually being done?

~~~
MichaelGG
"Protection money" meaning paying for them to run a CA infrastructure, handle
audits, and verify identity as per requirements? (Admittedly, "domain control"
verification is sorta useless and completely automated.) Are HSMs and all
these people supposed to just be paid on goodwill?

Not that some CAs aren't overpriced, but calling it "protection money" is just
silly. You're free to go use your own CA. Once you've got it all set up and
meet criteria, I'm sure Mozilla and others will let you in.

~~~
hueving
It's just protection money. No regular user actually cares about EV certs. The
lowest thing that passes validation (domain validated certs) is fine and
that's trivially automated.

The exorbitant fees are a joke that don't result in any improved security for
the end user.

~~~
Karunamon
I'm not so sure about that, the way the browser vendors and companies beat it
into their users' heads to look for the green bar with the company name on it.

Granted, it's still a scam. "Pay us money or all your customers' browsers will
get scary and misleading error messages!"

~~~
MichaelGG
The browser message is _not_ misleading. An untrusted cert is indistinguishable
from a MiTM attack.

~~~
Karunamon
And 99.99999999% of the time, a self-signed cert represents... not much of
anything, other than the fact that a site owner declined to pay the PKI
racket's protection money.

And even if we ignore that, the whole "EV Cert" thing _is_ a total sham. All
the EV cert does is indicate that you overpaid for it.

------
nwh
Namecoin unfortunately does not scale. You can't have lite clients, just an
ever growing multi-gigabyte database on every device you wish to use it on.
Relying on a remote party to securely store and relay the blockchain to you is
foolhardy; at best you're trusting a remote DNS server that can be MITM'd
itself (the dotDNS system doesn't provide signing of requests, only encrypting).

It's a nice idea but inherently unusable in almost any circumstance.

~~~
MWil
It does say any block chain can be used.

~~~
nwh
To what end? You could abusively embed data in the Bitcoin blockchain (20GB),
or use the Namecoin blockchain, or any multitude of altcoins with useless
security that nobody has even heard of before. The end result is always the
same; you can prove data exists but you can't _trustlessly_ prove it hasn't
changed without the entire blockchain.

~~~
itistoday2
> _The end result is always the same; you can prove data exists but you can't
> trustlessly prove it hasn't changed without the entire blockchain._

This project (DNSChain) uses the entire blockchain, so it's all good. And no,
you don't need to store it on your phone, as has been explained in other
comments here, on the blog, and on the github page.

------
nieve
Does anyone who's got some background with DNSSEC
([https://en.wikipedia.org/wiki/Dnssec](https://en.wikipedia.org/wiki/Dnssec))
feel like comparing DNSChain to the basic idea of embedding certificates or
signatures in authenticated DNS records? We've had a lot of different
proposals for the latter over the years and my impression is their lack of
adoption hasn't been because DNSSEC is fundamentally broken (though it is
flawed in several ways). AFAICT it breaks down like this:

Against DNSSEC + certificate records:

1) There's a centralized PKI administration issue, but less so than the
current CA morass

2) Administrative/rubber hose/legal/monetary compromise of the DNS root
administrators (currently US NTIA) would allow substitution of the TLD keys,
but this would be blatantly obvious to every organization or individual paying
attention

3) DNSSEC has some annoying properties with regard to name enumeration and such

4) Need to either use a primary resolver that supports DNSSEC (Google Public
DNS and Comcast, among others) or do a separate query to one who does

For:

5) Minimal extra infrastructure, already supported in some libraries

6) Extremely cacheable with low resource requirements (root & TLD keys, MRU/MFU
certs)

7) No need to add a new dependency on a previously untrusted source of code and
crypto data

8) As long as the parent TLD has deployed DNSSEC the organization only needs to
get their key set up, add a theoretical cert record, and sign records as
needed.

I think issues 1 & 2 are at least as big a problem with DNSChain because in
practice the hand-waving of how you pick a trusted DNSChain chain is ignoring
a huge class of vulnerabilities. Issue 4 is still a win over implementing a
large chunk of infrastructure or trusting okTurtles'. The "just use
Javascript" bit seems to apply equally to either, though I guess the _query_
portion of DNSChain is relatively simple.

------
rsync
I'm very interested in this project.

However, the first thing I think of when I see:

"We’ve taken several important steps on the road to making “NSA-proof
communication” on your favorite websites possible."

is that a lot of use cases involve mobile phones (of course) which have _two
other computers_ [1] inside of them that you have no control over and are
regularly used to manipulate[2] your android/ios environment out from under
you.

I love to see these pieces coming together to form a more secure ecosystem,
but it's really one step forward and two steps back as long as we don't have
an open baseband and sim card OS, etc.

[1] the baseband processor and the SIM card

[2] OTA updates

~~~
higherpurpose
The OTA updates one is such a tricky issue. What's more important? Not being
able to fix bugs in hundreds of millions of devices for a long time (or at
all), which NSA is going to use and abuse anyway, or worrying that one vendor
will try to push an NSA backdoor to hundreds of millions of devices?

I think the best compromise for that is to have OTA updates but the source of
the software being upgraded needs to be open source, so at least there's a
disincentive to backdoor it and also the possibility of finding the backdoor
inside the new update.

As for the baseband processor, we need to keep poking at Qualcomm and others
to open source their modem firmware, and then vote with your wallet.

Getting a SIM card with an open source OS is probably going to take a while,
although Google is in a very good position to push for that right now, since
their OS is so dominant in the mobile market, so it's probably Google that we
need to nag to get it.

------
hangonhn
I've tried reading the site and even the blockchain article but I can't put
the two together. How are blockchains being used to secure communications?

~~~
itistoday2
They allow secure, distributed and decentralized public key distribution.

~~~
hangonhn
How?

I understand how blockchains can be used to trace the history of transactions
back to the root but I don't see how that can be used to do secure key
distribution.

Assuming everyone trusts the root block, how does that trust get transmitted
down to subsequent blocks?

~~~
itistoday2
Read the links in the post and the website. Here's one of them that directly
answers your question:

[http://www.aaronsw.com/weblog/squarezooko](http://www.aaronsw.com/weblog/squarezooko)

~~~
hangonhn
Every time I read an article by Swartz I feel our community's loss all over
again. :-(

------
icantthinkofone
Claims "NSA-proof communication" but what about KGB, MI5, BND, whatever the
Chinese call themselves, and everyone else? They're all doing it, too.
(Assuming you think they care about you at all.)

