Rick Wesson [ARCHIVE] on Nostr: 📅 Original date posted:2011-07-26 🗒️ Summary of this message: DNS-based ...
📅 Original date posted:2011-07-26
🗒️ Summary of this message: DNS-based resolving for Bitcoin addresses is risky due to potential MITM attacks. DNSSEC is not a solution. HTTPS is a better option with no significant drawbacks.
📝 Original message:[snip]
> I totally agree, however I don't think DNS-based resolving is a good
> idea here. HTTPS does have several advantages over a DNSSEC-based
> solution without any significant drawbacks that I can see.
To restate your (con dnssec) points:
o DNS resolution of bitcoin addresses is bad because of potential
MITM attacks
o DNSSEC is not a security measure for mitigating DNS resolution of
bitcoin addresses
because the application would require its own dnssec enabled stub resolver
Please restate
o HTTPS is your preferred method for resolution because?
If you can enumerate your advantages so I can develop a proper
response to the points you have raised.
thanks,
-rick
🗒️ Summary of this message: DNS-based resolving for Bitcoin addresses is risky due to potential MITM attacks. DNSSEC is not a solution. HTTPS is a better option with no significant drawbacks.
📝 Original message:[snip]
> I totally agree, however I don't think DNS-based resolving is a good
> idea here. HTTPS does have several advantages over a DNSSEC-based
> solution without any significant drawbacks that I can see.
To restate your (con dnssec) points:
o DNS resolution of bitcoin addresses is bad because of potential
MITM attacks
o DNSSEC is not a security measure for mitigating DNS resolution of
bitcoin addresses
because the application would require its own dnssec enabled stub resolver
Please restate
o HTTPS is your preferred method for resolution because?
If you can enumerate your advantages so I can develop a proper
response to the points you have raised.
thanks,
-rick