On 2014-04-30, 4:55 AM, James Salsman wrote:
it just
proxies whatever normal public dns you tell it to....
Presumably they seed the
namecoin table with DNS records and use those
instead when they exist? I don't know whether those can be expired
efficiently.
Nope,
https://github.com/okTurtles/dnschain/blob/master/src/lib/dns.coffee#L172
As for on the
current web making sure you're sending
your password to the right person, no one is intercepting
your credit card details, who you're talking to isn't being
tracked by anyone but the site itself, etc... well okTurtles
just leaves that up to the same certificate authorities
they don't trust....
It seems like they would take the next logical step and
verify
namecoin-cached public key fingerprints of both the site and the
certificate before initiating a traditional SSL connection (and/or
better revocation support.)
You may be misunderstanding something. id/* and d/*
entries (foo.bit =
d/foo in namecoin) are part of the namecoin core software itself. And
namecoin has no support for carrying any DNS or TLS fingerprints besides
the d/* entries for .bit domains. The people behind okTurtles/DNSChain
did not create namecoin, neither of the two authors of DNSChain have
contributed a single line of code to namecoin. They can't add new
features to namecoin, only use the ones that already exist. All they're
doing with DNSChain is creating DNS + a HTTP API built on top of
namecoin. An implementation which (as far as the public link pages and
wiki I can find) the namecoin community doesn't even recognize. The
namecoin community appears to be working on implementing DNS, etc... for
namecoin itself.
Oh and the actual Namecoin community is using Convergence as the base
for one of the ways they're implementing .bit support, lol.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://danielfriesen.name/]