@ribuck
Certificate Authorities work by having a 'master private key' that signs people's public keys. The CA (should) check that the public key indeed belongs to the person it claims to belong to.
Such as CA > signs > address.com key.
Web browsers have the public keys of many CAs installed by default. When a browser comes across a site that has a public key, it:
1. Checks if the public key matches the address of the site.
2. Checks if any of the known CAs' public keys match the signature included with the site's public key.
3. Checks if the public key hasn't been revoked or expired.
This entire system revolves around the trust that the user has for the CAs.
The problem is that in practice CAs sign anything, including adversaries, so valid sites owned by evil people get accepted in the browser. But, worse, CAs sign public keys of sites that already have an active private key to 3rd parties (such as governments). This allows man-in-the-middle attacks that cannot be easily detected, as to the browser the site is perfectly valid. However, in practice it is just a proxy of a site.
The solution to this major mess that we are in is to get rid of the CA! We let people 'tie' a public key to something that is human-rememberable (such as a user name or a DNS name).
1. The owner of Site A creates a private/public key pair; this pair contains a Public Key. The owner then hashes the public key and creates Hash(KeyA).
2. The owner of Site A then creates a new BitDNS transaction that contains "SiteA" and Hash(KeyA).
3. A user looks up Site A in the BitDNS record and gains its IP address AND Hash(KeyA).
4. Then this user navigates to Site A's IP address, and is sent Key A and a signed welcome message.
5. The user checks if Hash(BitDNS KeyA) == Hash of (IP KeyA). If this is true, then a man-in-the-middle attack is impossible.
For an adversary to pretend to be Site A, they must rewrite the entire block chain from the point that Site A was registered. This process would be very public, and Site A would quickly work out that it has been attacked.
I believe this system is very secure, and to my knowledge no easy attack has been devised.
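
The lookup-and-compare in steps 3 to 5 of the post above, as an added example that is not part of the original post or of any BitDNS code. SHA-256 as the hash, the `RECORDS` dictionary standing in for the chain, the key byte strings and all function names are assumptions made for illustration. Verifying the signed welcome message from step 4, which is what shows the server holds the matching private key, is not implemented here.

```python
import hashlib

def key_hash(public_key: bytes) -> str:
    """Hash(Key) as published in the name record (SHA-256 is an assumption)."""
    return hashlib.sha256(public_key).hexdigest()

# Constructed sample data: placeholder bytes standing in for real public keys.
SITE_A_KEY = b"constructed-public-key-of-site-a"
PROXY_KEY = b"constructed-public-key-of-a-proxy"

# Constructed stand-in for the name chain: name -> (IP address, Hash(Key)).
RECORDS = {"SiteA": ("192.0.2.10", key_hash(SITE_A_KEY))}

def lookup(name, records=RECORDS):
    """Step 3: return (ip, pinned_hash) for a registered name, else None."""
    return records.get(name)

def check_presented_key(name, presented_key, records=RECORDS):
    """Step 5: compare the recorded hash with the hash of the key the
    server actually sent. Returns a status string instead of a bool so
    the caller can tell an unregistered name from a substituted key."""
    record = lookup(name, records)
    if record is None:
        return "unregistered"      # no pin exists, nothing to compare against
    _ip, pinned_hash = record
    if key_hash(presented_key) != pinned_hash:
        return "key-mismatch"      # a different key was sent: refuse to proceed
    # The key is the registered one. The caller still has to verify the
    # signed welcome message under this key before trusting the session.
    return "ok"

if __name__ == "__main__":
    print(check_presented_key("SiteA", SITE_A_KEY))   # genuine site
    print(check_presented_key("SiteA", PROXY_KEY))    # proxy presenting its own key
    print(check_presented_key("SiteB", SITE_A_KEY))   # name never registered
```
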