Topic: DNS and wallet addresses (Read 915 times)

legendary
Activity: 2912
Merit: 1060
May 02, 2013, 06:17:45 AM
#13
Make a site with a * CNAME record and let us add modules like mtgox payment form. It can't be forged if you match the address. But someone can hack it and make all the forms go to him.
full member
Activity: 154
Merit: 100
newbie
Activity: 42
Merit: 0
May 01, 2013, 09:22:22 PM
#11
OK, fair enough; those are good points. I guess we're running up on the old trade-off between security and convenience. In any case, I wasn't trying to argue that this is an idea that should be in the reference client ASAP, only that it's a decent idea worth looking at.
legendary
Activity: 1512
Merit: 1036
May 01, 2013, 09:22:05 PM
#10
newbie
Activity: 26
Merit: 0
May 01, 2013, 08:35:03 PM
#9
Not everyone using Bitcoin is concerned with anonymity, and those who are use Tor anyway, so their DNS queries are already anonymized. DNS query results get cached, too, so not every query is going to be visible to the person running the authoritative DNS server for the domain in question. Even without Tor, if you use a popular public DNS server like 8.8.8.8, 4.2.2.2, etc., then there's a fair chance your queries will be returned from that server's cache anyway. I don't see how this is any more of a threat than running a Bitcoin client without Tor.


It's because you're crossing a security boundary with a bugged address. Basically, if you posted your 1xxxx address on a torified website and you sent to it, no other information but that address has been passed on. When you use a vanity name backed with a TXT record, you're putting a permanent bug in someone's client - since now it's a.b.c.d that needs to be looked up to be sent. At any time their client leaves the security domain you have the chance of leaking IP addresses.

Not to mention having to wedge all of DNSSEC into the reference client in order to validate the signature.
newbie
Activity: 42
Merit: 0
May 01, 2013, 07:56:41 PM
#8
Not everyone using Bitcoin is concerned with anonymity, and those who are use Tor anyway, so their DNS queries are already anonymized. DNS query results get cached, too, so not every query is going to be visible to the person running the authoritative DNS server for the domain in question. Even without Tor, if you use a popular public DNS server like 8.8.8.8, 4.2.2.2, etc., then there's a fair chance your queries will be returned from that server's cache anyway. I don't see how this is any more of a threat than running a Bitcoin client without Tor.
newbie
Activity: 26
Merit: 0
May 01, 2013, 07:30:13 PM
#7
I was just thinking about the possibility of harnessing the conventional domain name system as a means to store wallet addresses such that you could direct a transaction to a URL something like:

wallet.mydomain.com

Could this be achieved using the TXT-type record on the DNS for the subdomain? Would be pretty cool to define a standard for this. The record could contain addresses for various wallet types - e.g.

wallet.mydomain.com. TXT "wallet=btc:1K59yRiX3Vvp2jZyHYDmmzGaGehLFL9aWy xrp:raiE52Ws8wYjh8k93dDDUqq4HwkfPhR6fA"


This seems so obvious that I assume I'm either being stupid somehow, or that this is an old idea, but thought I'd chuck it out there...

Ben

So to pay someone on an anonymous transaction system you need to access a logging DNS server and leave a littered trail of queries? I'm just verifying your plan here. I'll be sure to use this on a torland website so idiots give me their IP addresses.

Congratulations, you just invented the 1x1 transparent .gif for bitcoin.
newbie
Activity: 16
Merit: 0
May 01, 2013, 03:26:43 PM
#6
Right, of course. Easy enough to misdirect to a different wallet by 'hacking' the record down river. DNSSEC looks like a good solution to that problem...
newbie
Activity: 42
Merit: 0
May 01, 2013, 03:09:46 PM
#5
Perhaps such a scheme can only be secure if it's combined with DNSSEC or something like that.
legendary
Activity: 2058
Merit: 1452
May 01, 2013, 02:51:52 PM
#4
What's preventing a malicious registrar/ISP/government from intercepting the DNS request? This is currently worse than posting the address on an https page.
newbie
Activity: 16
Merit: 0
May 01, 2013, 02:39:37 PM
#3
Yes, that makes sense, since I think the maximum length of a TXT is 255 chars.
newbie
Activity: 42
Merit: 0
April 30, 2013, 10:35:48 PM
#2
I can't think of any reason that wouldn't work. I think you can create multiple TXT records for a domain, too, so you wouldn't have to cram every wallet address into a single record.
newbie
Activity: 16
Merit: 0
April 30, 2013, 09:16:16 PM
#1
I was just thinking about the possibility of harnessing the conventional domain name system as a means to store wallet addresses such that you could direct a transaction to a URL something like:

wallet.mydomain.com

Could this be achieved using the TXT-type record on the DNS for the subdomain? Would be pretty cool to define a standard for this. The record could contain addresses for various wallet types - e.g.

wallet.mydomain.com. TXT "wallet=btc:1K59yRiX3Vvp2jZyHYDmmzGaGehLFL9aWy xrp:raiE52Ws8wYjh8k93dDDUqq4HwkfPhR6fA"


This seems so obvious that I assume I'm either being stupid somehow, or that this is an old idea, but thought I'd chuck it out there...

Ben
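
A client-side parser for the TXT format proposed in this post, as an added Python example that is not part of the original thread. It accepts entries spread over several TXT records and rejects a btc address whose Base58Check checksum fails. The function names and the sample records are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    check = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return check == raw[-4:]

def parse_wallet_txt(txt_records):
    """txt_records: list of TXT records, each a list of character-strings.
    Returns {currency: address}; raises ValueError on malformed data."""
    wallets = {}
    for strings in txt_records:
        if any(len(s.encode()) > 255 for s in strings):
            raise ValueError("TXT character-string longer than 255 bytes")
        text = "".join(strings)
        if not text.startswith("wallet="):
            continue  # unrelated TXT record on the same name
        for entry in text[len("wallet="):].split():
            currency, sep, addr = entry.partition(":")
            if not (currency and sep and addr):
                raise ValueError(f"malformed entry: {entry!r}")
            if wallets.get(currency, addr) != addr:
                raise ValueError(f"conflicting {currency} addresses")
            # Checksum catches typos/corruption only; a forged record with a
            # valid address passes, so the answer still needs DNSSEC validation.
            if currency == "btc" and not base58check_ok(addr):
                raise ValueError("btc address fails Base58Check")
            wallets[currency] = addr
    return wallets

# Constructed sample: two TXT records for wallet.mydomain.com plus an unrelated one.
# The btc value is the well-known genesis-block address, used only as test data.
SAMPLE = [
    ["v=spf1 -all"],
    ["wallet=btc:1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"],
    ["wallet=xrp:raiE52Ws8wYjh8k93dDDUqq4HwkfPhR6fA"],
]

if __name__ == "__main__":
    print(parse_wallet_txt(SAMPLE))
```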