-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 09/29/2015 07:39 AM, Jeff Burdges wrote:
On Tue, 2015-09-29 at 00:59 +0000, Jeremy Rand wrote:
The issue I do see is that SPV validation doesn't work well unless you ask multiple peers to make sure that you're getting the chain with the most PoW. So I gather that this would require connecting to Namecoin peers running on multiple exit nodes. I don't think that's problematic, but it would have to be taken into account.
This is no different from validation for existing DNS results. Tor attempts to prevent this by building a list of bad exits, but it's challenging to catch an exit that attacks only one website.
You could check multiple peers but that costs you some anonymity. If you use many .bit names, this might expose the fact that you use Namecoin to your guard.
How does checking Namecoin peers on running on multiple exits cost anonymity? I'm not quite seeing what the attack is here.
There are many Tor programs like Ricochet and Pond, and many websites, that should be detectable by a sufficiently dedicated guard, so that's not a compelling reason not to check multiple exits, but it requires consideration.
One could maybe design the Namecone shim to check obtain general-but -relevant information from multiple exits running the Namecoin client, but only obtain the actual result from one exit. Or maybe that's reinventing the SPV client.
Retrieving block headers from multiple exits, and then asking for a specific domain's SPV proof from a single exit, will at least provide reasonable assurance that the result was valid sometime in the past 8 months (expiry period for Namecoin names). Once unspent name output set commitments are added to the Namecoin block validation rules, it will provide reasonable assurance that the result was valid as of about 2 hours ago. A single node could still censor updates from the past 2 hours, which would not be the case if sufficient multiple nodes are asked.
It might also be possible to download the full blocks from the last 2 hours (along with unmined transactions) from multiple peers. This wouldn't reveal which names you're asking for, would presumably be only a few megabytes at startup (along with keeping up with incoming transactions over time), and would be sufficient when combined with SPV proofs from a single node to give you completely current data.
I'm still not seeing the attack that stems from asking multiple exits for specific domains, though. Can you elaborate?
Cheers, - -Jeremy