š
Original date posted:2011-07-26
šļø Summary of this message: Implementing DNS resolution is easier than properly checking HTTPS certificate chains, which is vulnerable to attacks like self-signed certificates. DNSSEC is not a good solution for Bitcoin address communication.
š Original message:dns resolution is far simpler to implement than properly checking the https certificate chain
Matt Corallo <bitcoin-list at bluematt.me> wrote:
>For some reason my mail client is being thick and not responding
>on-list, sorry about that...
>
>On Tue, 2011-07-26 at 08:34 -0700, Rick Wesson wrote:
>> > Most OSes dont do any resolving at all, they just query upstream
>> > resolvers. In the case of the coffee shop, that upstream resolver is
>> > the attacker. This attacker can easily just claim that the zone you
>> > requested is not DNSSEC signed and return their data and the OS will not
>> > be any wiser. AFAIK, most OSes dont have a mechanism to require the
>> > zone queried is DNSSEC signed meaning you have to implement a full DNS
>> > resolver in Bitcoin in order for it to be secure.
>>
>> Matt,
>>
>> The same attack can apply to https with a self signed cert where it is
>> the A record that is replaced by the attacker and the https request is
>> sent to evil.com's server which responds to the request with an answer
>> in the form you expect. This is what lots of malware does on windows
>> to steel bank login credentials, securing http doesn't prevent such an
>> attack.
>If you are using a self-signed cert to do any kind of important data
>transfer you are just being stupid. Here I am assuming your computer
>isnt actually compromised, but only the network is, which I think is a
>fairly good assumption.
>>
>> Windows has supported DNSSEC since 2008 as have most of the unix
>> variants, mac osx since 10.3 Android also seems to include DNSSEC
>> capable resolvers.
>>
>> If this thread is really about DNSSEC then we might move it to a more
>> appropriate forum for discussing how applications leverage DNS
>> security extensions. Its taken some years to get the specs done and
>> the root signed I expect it to take many more to enable the
>> applications to leverage the deployed infrastructure.
>No, DNSSEC is very well done, this thread is specifically about the
>security implications of using DNSSEC for Bitcoin address communication.
>IMO it is not a good idea, as for it to be secure against a coffee-shop
>network MITMer you have to implement a full resolver with root trust
>anchors and knowledge of root servers in Bitcoin, which does not seem
>like a good idea.
>>
>> I am interested in working on the issues surrounding usability and I
>> find that remembering and communicating a bitcoin address are current
>> limiting factors in the acceptance and deployment of this software. My
>> goal is for simpler user experience.
>I totally agree, however I don't think DNS-based resolving is a good
>idea here. HTTPS does have several advantages over a DNSSEC-based
>solution without any significant drawbacks that I can see.
>
>Matt
>
>------------------------------------------------------------------------------
>Magic Quadrant for Content-Aware Data Loss Prevention
>Research study explores the data loss prevention market. Includes in-depth
>analysis on the changes within the DLP market, and the criteria used to
>evaluate the strengths and weaknesses of these DLP solutions.
>http://www.accelacomm.com/jaw/sfnl/114/51385063/
>_______________________________________________
>Bitcoin-development mailing list
>Bitcoin-development at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development
phantomcircuit [ARCHIVE] /
npub149ā¦9fa6r
2023-06-07 02:07:59
in reply to nevent1qā¦95h3
Author Public Key
npub149n46fsfqq6sfgk4szkf7jute2aax9rl4nmefe2s8pwqj4egq3uqw9fa6rPublished at
2023-06-07 02:07:59Event JSON
{
"id": "aa59efcd5c3b2d028a093a380dcc34a23cdbfd32068877f7f261328162b87c98",
"pubkey": "a9675d2609003504a2d580ac9f4b8bcabbd3147facf794e550385c0957280478",
"created_at": 1686103679,
"kind": 1,
"tags": [
[
"e",
"8fd54e24bd93fd7d9d848a64b03950f07049907bb67ea5380cfd81c7de7d119c",
"",
"root"
],
[
"e",
"0b4d1e63a440c0aba291acfffa1d98b0191e7323b35a284ebb5e8a335dfc3cfd",
"",
"reply"
],
[
"p",
"cd753aa8fbc112e14ffe9fe09d3630f0eff76ca68e376e004b8e77b687adddba"
]
],
"content": "š
Original date posted:2011-07-26\nšļø Summary of this message: Implementing DNS resolution is easier than properly checking HTTPS certificate chains, which is vulnerable to attacks like self-signed certificates. DNSSEC is not a good solution for Bitcoin address communication.\nš Original message:dns resolution is far simpler to implement than properly checking the https certificate chain\n\nMatt Corallo \u003cbitcoin-list at bluematt.me\u003e wrote:\n\n\u003eFor some reason my mail client is being thick and not responding\n\u003eon-list, sorry about that...\n\u003e\n\u003eOn Tue, 2011-07-26 at 08:34 -0700, Rick Wesson wrote:\n\u003e\u003e \u003e Most OSes dont do any resolving at all, they just query upstream\n\u003e\u003e \u003e resolvers. In the case of the coffee shop, that upstream resolver is\n\u003e\u003e \u003e the attacker. This attacker can easily just claim that the zone you\n\u003e\u003e \u003e requested is not DNSSEC signed and return their data and the OS will not\n\u003e\u003e \u003e be any wiser. AFAIK, most OSes dont have a mechanism to require the\n\u003e\u003e \u003e zone queried is DNSSEC signed meaning you have to implement a full DNS\n\u003e\u003e \u003e resolver in Bitcoin in order for it to be secure.\n\u003e\u003e \n\u003e\u003e Matt,\n\u003e\u003e \n\u003e\u003e The same attack can apply to https with a self signed cert where it is\n\u003e\u003e the A record that is replaced by the attacker and the https request is\n\u003e\u003e sent to evil.com's server which responds to the request with an answer\n\u003e\u003e in the form you expect. This is what lots of malware does on windows\n\u003e\u003e to steel bank login credentials, securing http doesn't prevent such an\n\u003e\u003e attack.\n\u003eIf you are using a self-signed cert to do any kind of important data\n\u003etransfer you are just being stupid. Here I am assuming your computer\n\u003eisnt actually compromised, but only the network is, which I think is a\n\u003efairly good assumption.\n\u003e\u003e \n\u003e\u003e Windows has supported DNSSEC since 2008 as have most of the unix\n\u003e\u003e variants, mac osx since 10.3 Android also seems to include DNSSEC\n\u003e\u003e capable resolvers.\n\u003e\u003e \n\u003e\u003e If this thread is really about DNSSEC then we might move it to a more\n\u003e\u003e appropriate forum for discussing how applications leverage DNS\n\u003e\u003e security extensions. Its taken some years to get the specs done and\n\u003e\u003e the root signed I expect it to take many more to enable the\n\u003e\u003e applications to leverage the deployed infrastructure.\n\u003eNo, DNSSEC is very well done, this thread is specifically about the\n\u003esecurity implications of using DNSSEC for Bitcoin address communication.\n\u003eIMO it is not a good idea, as for it to be secure against a coffee-shop\n\u003enetwork MITMer you have to implement a full resolver with root trust\n\u003eanchors and knowledge of root servers in Bitcoin, which does not seem\n\u003elike a good idea.\n\u003e\u003e \n\u003e\u003e I am interested in working on the issues surrounding usability and I\n\u003e\u003e find that remembering and communicating a bitcoin address are current\n\u003e\u003e limiting factors in the acceptance and deployment of this software. My\n\u003e\u003e goal is for simpler user experience.\n\u003eI totally agree, however I don't think DNS-based resolving is a good\n\u003eidea here. HTTPS does have several advantages over a DNSSEC-based\n\u003esolution without any significant drawbacks that I can see.\n\u003e\n\u003eMatt\n\u003e\n\u003e------------------------------------------------------------------------------\n\u003eMagic Quadrant for Content-Aware Data Loss Prevention\n\u003eResearch study explores the data loss prevention market. Includes in-depth\n\u003eanalysis on the changes within the DLP market, and the criteria used to\n\u003eevaluate the strengths and weaknesses of these DLP solutions.\n\u003ehttp://www.accelacomm.com/jaw/sfnl/114/51385063/\n\u003e_______________________________________________\n\u003eBitcoin-development mailing list\n\u003eBitcoin-development at lists.sourceforge.net\n\u003ehttps://lists.sourceforge.net/lists/listinfo/bitcoin-development",
"sig": "e5f10dc4cad2490650e151d9d8376b842ddb07cdbcfd5a36d83fa3bd5ddaf2fc11c25dd817f3a23d1f04d6bf1aca993948d04b2f55de4e9823a1a6fb3d7ec043"
}