• 0 Posts
  • 24 Comments
Joined 1 year ago
Cake day: June 12th, 2023

  • Ownership of the domain is verifiable on the blockchain, if the same wallet that owns the domain (nft) also publishes the pub key (owns the pub key nft or key data is embedded in the domain name nft) you can verify that the key is valid.

    IMO blockchain is more trustworthy than any single CA because you aren’t trusting a single entity, but a decentralized network of nodes. Assuming that most nodes are honest you can query 100 independent nodes for the same data, if 99 say the same thing you can be fairly confident that the data is valid. You can also run your own node and not have to trust anyone.

    To protect against MITM of your connection redirecting all traffic to their malicious node, some well known and trusted nodes would be hardcoded in the browser/OS software along with their public signing key to verify the signed data they send you, and genesis block data in case you want to run a node yourself. Signing keys of nodes would also be published to the blockchain. Think a unified, immutable, cryptographically verifiable, distributed database of public key - domain name pairs, which is what blockchain basically is. Encrypting the connection is a good idea too, extra privacy is always welcome.

    The biggest advantage here is that every single pub key (certificate) is stored by every single node (CA), so if one node goes rogue or is compromised and starts serving false data, it will be immediately discovered by the client by comparing its data to the data from other nodes, and can be immediately and verifiably reported to the network, even in the case of a targeted attack, because all data received from the nodes is signed.

    No solution is perfect and this one is not an exception, if your hardware or your os/browser is compromised there is nothing short of manually checking certificate data or using an external device to verify it, that can be done, but that’s true for most IT systems, including the current TLS certification and authority based system.

    Blockchain is a well tested technology that has proven itself to work by being a core part of a trillion dollar industry and was specifically designed to eliminate the need for trusting a 3rd party. It seems like a natural solution to the biggest problem with CAs - trusting a 3rd party. It’s honestly sad that so many people dismiss it or are downright against it coz “crypto”, even when no crypto currency is involved. I guess they spent so much time hating it they can’t even admit it might be useful to them after all.

    Thanks for asking for a follow-up instead of just downvoting.
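The multi-node comparison described in the comment above, sketched as an added example (not part of the original comment and not code from any real chain client): a client verifies each node's signed answer against pinned keys, accepts a value only on quorum, and keeps validly signed disagreeing answers as reportable evidence. The node IDs, record format, fingerprint strings and threshold are assumptions made for illustration.

```javascript
const crypto = require('crypto');
// A node's signed answer: Ed25519 signature over the exact payload bytes.
function signRecord(nodeId, privateKey, domain, keyFingerprint) {
  const payload = JSON.stringify({ domain, keyFingerprint });
  const sig = crypto.sign(null, Buffer.from(payload), privateKey).toString('base64');
  return { nodeId, payload, sig };
}

function parse(s) { try { return JSON.parse(s); } catch { return null; } }
// pinned: Map nodeId -> public key shipped with the client (assumed trust anchors).
function resolveByQuorum(pinned, responses, domain, threshold) {
  const votes = new Map();  // keyFingerprint -> signed responses backing it
  const rejected = [];      // unknown node, duplicate, bad signature, wrong domain
  const seen = new Set();
  for (const r of responses) {
    const key = pinned.get(r.nodeId);
    const fresh = key !== undefined && !seen.has(r.nodeId);
    const valid = fresh &&
      crypto.verify(null, Buffer.from(r.payload), key, Buffer.from(r.sig, 'base64'));
    const rec = valid ? parse(r.payload) : null;
    if (!rec || rec.domain !== domain) { rejected.push(r.nodeId); continue; }
    seen.add(r.nodeId);
    if (!votes.has(rec.keyFingerprint)) votes.set(rec.keyFingerprint, []);
    votes.get(rec.keyFingerprint).push(r);
  }
  const ranked = [...votes.entries()].sort((a, b) => b[1].length - a[1].length);
  const quorum = ranked.length > 0 && ranked[0][1].length >= threshold;
  return {
    accepted: quorum ? ranked[0][0] : null,
    // Validly signed answers that disagree: anyone holding the node's key can check them.
    dissent: quorum ? ranked.slice(1).flatMap(([, rs]) => rs) : [],
    rejected,
  };
}

// Constructed scenario: node4 signs a different key, node3's answer is altered in transit.
function demo(threshold = 3) {
  const pinned = new Map(), responses = [];
  for (let i = 0; i < 5; i++) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    pinned.set(`node${i}`, publicKey);
    const fp = i === 4 ? 'sha256:ATTACKER-KEY' : 'sha256:SITE-KEY';
    responses.push(signRecord(`node${i}`, privateKey, 'example.eth', fp));
  }
  responses[3].payload = responses[3].payload.replace('SITE', 'EVIL');
  responses.push({ nodeId: 'unpinned', payload: responses[0].payload, sig: responses[0].sig });
  return resolveByQuorum(pinned, responses, 'example.eth', threshold);
}
```

The threshold should exceed half of the pinned nodes so that two conflicting values can never both reach quorum; when no value reaches it, the lookup fails closed with `accepted: null`.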



  • This is slightly off-topic but I was thinking about it and all of those issues can be solved by utilizing blockchain. Imagine a world where instead of CAs, decentralized domain (unstoppable domains, ENS etc.) owners publish their pub keys to the blockchain, the client can then query multiple nodes or store the chainstate locally. When establishing a connection client sends a secret handshake message + client’s pub key encrypted with domain’s pub key. To complete the handshake server responds with the same secret message encrypted with client’s pub key.



  • I don’t have cameras in my store and I doubt you walk around with a gopro strapped to your forehead. Crypto stores develop reputation as well.

    On what are you basing the opinion that a MUCH larger percentage of the crypto ecosystem is devoted to scams? Legal action is the only recourse you have with cash, the same can be done with crypto. If design of crypto incentivizes scams then so does the design of cash.

    Yes, but gullibility is the #1 problem and again, crypto has no safeguards or recourse.

    Neither does cash, gift cards and all of the methods Nigerian princes and certified Microsoft technicians from IRS have been successfully using for years to scam their victims.

    The whole point of making the system decentralized is so that a powerful actor can’t seize control over it. There are hundreds of chains with different rules and regulations, you can choose the one that fits your needs, and if a powerful actor tries to change its rules the community can decide that the version of the chain with altered rules isn’t one they want to take part in and split off. It has happened before with block size wars that resulted in btc/bch split. Both chains run fine to this day, each with their own rules decided by their own community.


  • How is it harder to scam with cash? You come to my store to buy something, you hand me the bill, I take it and don’t give you anything in return. Even if you call the police it’s my word against yours, how will you prove that I took your money?

    Most scams are done irl with FIAT (fake bills, overpriced cooking pots, fake tech support, palm reading, IRS google play cards, nigerian princes, fake e-bay items, fake charge-backs for real e-bay items, uber ride cancels, uncancellable memberships, hidden costs…) at the end of the day you can’t protect everyone from everything, especially from their own gullibility. The design of crypto, when used properly, prevents all of the non-gullibility based scam types (chargebacks, cancels, hidden costs, automatic deductions etc.). For some people complete control over their money is a plus and some prefer to have it handled by banks and governments, maybe crypto just wasn’t made for the latter.






  • A gui app that lets you:

    • symmetrically encrypt and decrypt text and files with AES-256 and without any weird formatting that would make it incompatible with openssl.
    • generate (without writing to file) RSA-(2048-4096) keys and asymmetrically encrypt, decrypt, sign and verify text and files.

    It should be simple without any advanced options or storing any data or credentials or saving anything without asking the user. For example:

    For symmetric text:

    • 3 text boxes, 1 for input, 1 for output, 1 for password, encrypt/decrypt radio, 1 button.

    For symmetric file:

    • file picker, 1 password text box, encrypt/decrypt radio, 1 button

    For asymmetric generation:

    • 2 text boxes, 1 for priv key, 1 for pub key, 1 button.

    For asymmetric text:

    • 3 text boxes, 1 for input, 1 for output, 1 for priv/pub key, encrypt/decrypt/sign/verify radio, 1 button

    For asymmetric file:

    • file picker, 1 priv/pub key text box, encrypt/decrypt/sign/verify radio, 1 button