We recently discovered that the OpenAlias plugin, shipped in Electrum 2.0 to 2.3, does not correctly validate DNSSEC records.
A fixed version is in the works, and will be shipped in version 2.4. (ETA: a week)
In the meantime, please do not trust aliases verified by this plugin.
See the release notes for more details: https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES
A fixed version is in the works, and will be shipped in version 2.4. (ETA: a week)
In the meantime, please do not trust aliases verified by this plugin.
See the release notes for more details: https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES
To be more specific: the way it used to work was to split the URL up into parts separated by . (ie. waffle.blah.example.com is split into waffle, blah, example, com) and then check each part (from the last to the first) as follows:
1. concatenate it with the previous parts (so if we're checking "blah" then we'd be verifying blah.example.com)
2. using the system resolver get the NS record for the domain
3. ask the main nameserver (per the NS record) for the DNSKEY for that sub-domain, pass the D0 flag (ie. tell it we want DNSSEC data)
4. if it is DNSSEC signed we should receive the RRSET, which contains the DNSKEY and the RRSIG for that DNSKEY
5. validate that the signature is correct
6. repeat for the next part
This is reasonable, except it doesn't *actually* check the chain, it just checks each part of the chain. For DNSSEC to work you have to start at the root zone (which is .) as that is *the only certificate you will have on your computer*, and then you work your way down the chain, checking delegation at each point. Our checking sub-parts without delegation (and without starting at .) was lazy, and whilst it is unlikely you'd be able to cheat validation the risk is still non-negligible.
The updated verification that ThomasV has written validates the chain correctly.
