📅 Original date posted:2011-12-18 🗒️ Summary of this message: Using DNS-based ...

Why Nostr? What is Njump?

Pieter Wuille [ARCHIVE] /

npub1tj…jtl6r

2023-06-07 04:44:07

in reply to nevent1q…6nm0

📅 Original date posted:2011-12-18
🗒️ Summary of this message: Using DNS-based alias systems for Bitcoin payments is vulnerable to spoofing. One solution is to embed a Bitcoin address in the identification string itself.
📝 Original message:On Mon, Dec 19, 2011 at 12:58:37AM +0100, slush wrote:
> Maybe I'm retarded, but where's the point in providing alliases containing
> yet another hash in URL?

Any DNS-based alias system is vulnerable to spoofing. If I can make people's
DNS server believe that mining.cz points to my IP, I'll receive payments to
you...

If no trusted CA is used to authenticate the communication, there is no way
to be sure the one you are asking how to pay, is the person you want to pay.
Therefore, one solution is to put a bitcoin address in the identification
string itself, and requiring SSL communication authenticated using the
respective key.

This makes the identification strings obviously less useful as aliases,
but pure aliases in the sense of human-typable strings have imho
limited usefulness anyway - in most cases these identification strings
will be communicated through other electronic means anyway.

Furthermore, the embedded bitcoin address could be hidden from the user:
retrieved when first connecting, and stored together with the URI in
an address book. Like ssh, it could warn the user if the key changes
(which wil be ignored by most users anyway, but what do you do about
that?)

--
Pieter

Author Public Key

npub1tjephawh7fdf6358jufuh5eyxwauzrjqa7qn50pglee4tayc2ntqcjtl6r

Show more details

Published at

2023-06-07 04:44:07

Kind type

1 Short Text Note

Event JSON

{ "id": "a0f474b379a9e69186d8e37557b830a03a223c95be87cb429b5563185a1a8439", "pubkey": "5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6", "created_at": 1686105847, "kind": 1, "tags": [ [ "e", "247922e9146ee6b54a634fc05ad7a489892c01debcd0510d008be95a47f6db80", "", "root" ], [ "e", "60cabc9da2f4dc8b2a3a59bbfa23a989f8f5402da2afe00b3247d4b9ecc98e56", "", "reply" ], [ "p", "6ac6a519b554d8ff726a301e3daec0b489f443793778feccc6ea7a536f7354f1" ] ], "content": "📅 Original date posted:2011-12-18\n🗒️ Summary of this message: Using DNS-based alias systems for Bitcoin payments is vulnerable to spoofing. One solution is to embed a Bitcoin address in the identification string itself.\n📝 Original message:On Mon, Dec 19, 2011 at 12:58:37AM +0100, slush wrote:\n\u003e Maybe I'm retarded, but where's the point in providing alliases containing\n\u003e yet another hash in URL?\n\nAny DNS-based alias system is vulnerable to spoofing. If I can make people's\nDNS server believe that mining.cz points to my IP, I'll receive payments to\nyou...\n\nIf no trusted CA is used to authenticate the communication, there is no way\nto be sure the one you are asking how to pay, is the person you want to pay.\nTherefore, one solution is to put a bitcoin address in the identification\nstring itself, and requiring SSL communication authenticated using the\nrespective key.\n\nThis makes the identification strings obviously less useful as aliases,\nbut pure aliases in the sense of human-typable strings have imho\nlimited usefulness anyway - in most cases these identification strings\nwill be communicated through other electronic means anyway.\n\nFurthermore, the embedded bitcoin address could be hidden from the user:\nretrieved when first connecting, and stored together with the URI in\nan address book. Like ssh, it could warn the user if the key changes\n(which wil be ignored by most users anyway, but what do you do about\nthat?)\n\n-- \nPieter", "sig": "06a58dc98ae2445f5cc42dc4731d4315d3d68f3ce93a04deddae97774a3c7e796bf7a5e4d03b86b476edf84a90e4519f1f61f780c2c7d8220e53af0cb3bfeee5" }