Edited the last sentence to clarify that this is a form of blockchain TOFU with ratcheting. It now reads:
This mechanism can prevent initially-honest servers from cooking the books later on by verifying the transaction(s) were signed by the original public key.

Thoughts/feedback welcome!

Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Mar 25, 2015, at 8:15 PM, Tao Effect <[email protected]> wrote:

> (Sent this to [curves] by accident. Meant to send it [messaging] as this is
> relevant for key exchange.)
>
> Dionysis Zindros came up with the following mechanism to prevent DNSChain
> servers from forging blockchain data (copied from our blog post):
>
> 3. Use Proof-of-Transition (PoT). PoT is a simple but powerful idea that
> Dionysis Zindros came up with (which we plan to elaborate on in future work).
> Briefly: clients store the public key fingerprints of the blockchain
> transaction that corresponds to a domain. These correspond to the public key
> that was used to update the blockchain entry. When a new SSL/TLS cert is
> seen, require DNSChain to provide proof in the form of the transaction(s)
> that were used to update the blockchain entry. If these transaction(s) were
> signed by the original public key, we can be assured that DNSChain is not
> cooking the books.
>
> From "Certificate transparency on blockchains"
>
> https://blog.okturtles.com/2015/03/certificate-transparency-on-blockchains/
>
> Greg
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
> _______________________________________________
> Messaging mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/messaging
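
The client-side Proof-of-Transition check described in the message above, sketched in Go as an added example; it is not part of the original e-mail and is not DNSChain's code. The transaction layout, the use of Ed25519 and SHA-256, the names Transition, Payload, VerifyPoT and Sign, and the name example.bit are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Transition is a hypothetical, simplified update transaction for one name.
type Transition struct {
	Signer  ed25519.PublicKey // key that owned the entry before this update
	NextKey ed25519.PublicKey // key that owns it afterwards (the ratchet step)
	CertFP  [32]byte          // fingerprint of the TLS cert the entry now holds
	Sig     []byte            // Signer's signature over Payload
}

// Payload is the signed byte string (assumed layout: name, NUL, key, cert FP).
func Payload(domain string, next ed25519.PublicKey, certFP [32]byte) []byte {
	return append(append([]byte(domain+"\x00"), next...), certFP[:]...)
}

// VerifyPoT walks from the key fingerprint pinned on first use to seenCert.
func VerifyPoT(domain string, pinned, seenCert [32]byte, proof []Transition) error {
	if len(proof) == 0 || proof[len(proof)-1].CertFP != seenCert {
		return fmt.Errorf("proof missing or does not end at the presented cert")
	}
	for i, t := range proof {
		if len(t.Signer) != ed25519.PublicKeySize || sha256.Sum256(t.Signer) != pinned {
			return fmt.Errorf("transition %d: signer is not the pinned key", i)
		}
		if !ed25519.Verify(t.Signer, Payload(domain, t.NextKey, t.CertFP), t.Sig) {
			return fmt.Errorf("transition %d: bad signature", i)
		}
		pinned = sha256.Sum256(t.NextKey) // ratchet: next update must use NextKey
	}
	return nil // caller re-pins to the last NextKey and seenCert
}

// Sign builds a transition; used here only to construct sample data.
func Sign(domain string, priv ed25519.PrivateKey, next ed25519.PublicKey, cert [32]byte) Transition {
	return Transition{priv.Public().(ed25519.PublicKey), next, cert, ed25519.Sign(priv, Payload(domain, next, cert))}
}

func main() { // constructed keys and certificate bytes
	pub0, priv0, _ := ed25519.GenerateKey(nil)
	pub1, _, _ := ed25519.GenerateKey(nil)
	cert := sha256.Sum256([]byte("constructed cert bytes"))
	fmt.Println(VerifyPoT("example.bit", sha256.Sum256(pub0), cert, []Transition{Sign("example.bit", priv0, pub1, cert)}))
}
```

A proof signed by any key other than the pinned one, or one whose chain of NextKey hand-offs is broken, is rejected, which is the case of a server that was honest at first use and later presents forged data.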
