On 2014-04-30, 4:55 AM, James Salsman wrote:
it just proxies whatever normal public dns you tell it to....
Presumably they seed the namecoin table with DNS records and use those instead when they exist? I don't know whether those can be expired efficiently.
Nope, https://github.com/okTurtles/dnschain/blob/master/src/lib/dns.coffee#L172
As for on the current web making sure you're sending your password to the right person, no one is intercepting your credit card details, who you're talking to isn't being tracked by anyone but the site itself, etc... well okTurtles just leaves that up to the same certificate authorities they don't trust....
It seems like they would take the next logical step and verify namecoin-cached public key fingerprints of both the site and the certificate before initiating a traditional SSL connection (and/or better revocation support.)
You may be misunderstanding something. id/* and d/* entries (foo.bit = d/foo in namecoin) are part of the namecoin core software itself. And namecoin has no support for carrying any DNS or TLS fingerprints besides the d/* entries for .bit domains. The people behind okTurtles/DNSChain did not create namecoin; neither of the two authors of DNSChain has contributed a single line of code to namecoin. They can't add new features to namecoin, only use the ones that already exist. All they're doing with DNSChain is creating DNS + an HTTP API built on top of namecoin. An implementation which (as far as the public link pages and wiki I can find) the namecoin community doesn't even recognize. The namecoin community appears to be working on implementing DNS, etc... for namecoin itself.
Oh and the actual Namecoin community is using Convergence as the base for one of the ways they're implementing .bit support, lol.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]