(Sent this to [curves] by accident. Meant to send it [messaging] as this is relevant for key exchange.)
Dionysis Zindros came up with the following mechanism to prevent DNSChain servers from forging blockchain data (copied from our blog post): 3. Use Proof-of-Transition (PoT). PoT is a simple but powerful idea that Dionysis Zindros came up with (which we plan to elaborate on in future work). Briefly: clients store the public key fingerprints of the blockchain transaction that corresponds to a domain. These correspond to the public key that was used to update the blockchain entry. When a new SSL/TLS cert is seen, require DNSChain to provide proof in the form of the transaction(s) that were used to update the blockchain entry. If these transaction(s) were signed by the original public key, we can be assured that DNSChain is not cooking the books. From "Certificate transparency on blockchains" https://blog.okturtles.com/2015/03/certificate-transparency-on-blockchains/ Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
