📅 Original date posted:2011-07-26
🗒️ Summary of this message: DNS-based resolving for Bitcoin addresses is risky due to potential MITM attacks. DNSSEC is not a solution. HTTPS is a better option with no significant drawbacks.
📝 Original message:[snip]
> I totally agree, however I don't think DNS-based resolving is a good
> idea here. HTTPS does have several advantages over a DNSSEC-based
> solution without any significant drawbacks that I can see.
To restate your (con dnssec) points:
o DNS resolution of bitcoin addresses is bad because of potential
MITM attacks
o DNSSEC is not a security measure for mitigating DNS resolution of
bitcoin addresses
because the application would require its own dnssec enabled stub resolver
Please restate
o HTTPS is your preferred method for resolution because?
If you can enumerate your advantages so I can develop a proper
response to the points you have raised.
thanks,
-rick
Rick Wesson [ARCHIVE] /
npub1xz…2925u
2023-06-07 02:07:53
in reply to nevent1q…amm3
Author Public Key
npub1xz8q68hmzur6c6uje593nscy3q4njx05h4vnxmz2wxxptx7u7casl2925uPublished at
2023-06-07 02:07:53Event JSON
{
"id": "a144209e3a3a5b48397b35f69d73d64b673e9efd4f5314d4ef1e0c6578afba02",
"pubkey": "308e0d1efb1707ac6b92cd0b19c304882b3919f4bd59336c4a718c159bdcf63b",
"created_at": 1686103673,
"kind": 1,
"tags": [
[
"e",
"8fd54e24bd93fd7d9d848a64b03950f07049907bb67ea5380cfd81c7de7d119c",
"",
"root"
],
[
"e",
"770e79f28c61842bdf1318c26c358f375759ff2a3f0a4b7e141371aa4e4b37af",
"",
"reply"
],
[
"p",
"cd753aa8fbc112e14ffe9fe09d3630f0eff76ca68e376e004b8e77b687adddba"
]
],
"content": "📅 Original date posted:2011-07-26\n🗒️ Summary of this message: DNS-based resolving for Bitcoin addresses is risky due to potential MITM attacks. DNSSEC is not a solution. HTTPS is a better option with no significant drawbacks.\n📝 Original message:[snip]\n\n\u003e I totally agree, however I don't think DNS-based resolving is a good\n\u003e idea here. HTTPS does have several advantages over a DNSSEC-based\n\u003e solution without any significant drawbacks that I can see.\n\nTo restate your (con dnssec) points:\n o DNS resolution of bitcoin addresses is bad because of potential\nMITM attacks\n o DNSSEC is not a security measure for mitigating DNS resolution of\nbitcoin addresses\n because the application would require its own dnssec enabled stub resolver\n\nPlease restate\n o HTTPS is your preferred method for resolution because?\n\nIf you can enumerate your advantages so I can develop a proper\nresponse to the points you have raised.\n\nthanks,\n\n-rick",
"sig": "cd4b9c9b0ab7753fe93e3dc04ec8604dbd4538df8e94edd208864e0a40fa576d1ef3b703b98c647f54dd464858b0b6f707b73f6ecd9da451367be1199b3dd344"
}