Hey, you should hire me.

Hi, I'm Zach, a full-stack usability engineer.

End-To-End Web Crypto: A Broken Security Model

End-to-end encryption of web services is increasingly popular: Mailvelope aims to bolt a PGP client onto webmail and both Yahoo and Google are working to add support directly. However, the fundamental nature of the web and the limits of human cognition make web-based E2E encryption susceptible to MITM attacks.  While still potentially useful, such systems should not be used by high-risk populations such as journalists and human rights workers. (more…)

Continue Reading →

Namecoin: A Decentralized Trusted Base

Introduction I’ve been thinking a lot about transport-dependent DNS settings (BIND, http, tor, and i2p) and the architecture the original Domain Name System and applied encryption. After long talks with Ryan-C and Mark of EasyDNS, I believe we need to recast Namecoin’s purpose as a decentralized trusted base which offers secure delegation, not as a generic key->value datastore. A Trusted Base The real innovation offered by the blockchain is the ability to have trusted transactions between untrusted parties. Public-key cryptography

Continue Reading →

DNSChain vs Real Interop

In the dustup generated in my article on DNSChain’s broken security model, some argued that there is a need for a trusted solution. I agree with this, my criticisms of DNSChain are that it misrepresents its security model and introduces the worst kind of third party trust without any gains in usability or interoperability. I’m working on a more secure trusted server solution that provides backward compatibility with the existing domain name system. (more…)

Continue Reading →

The Road to Universal .p2p Resolution

I came to BitShares with the express purpose of convincing them to reinvigorate their .p2p efforts.  Thankfully, I was pleasantly surprised to find that the .p2p initiative had fizzled not due to lack of interest but of bandwidth.  The core development team liked my overall plan and I would like to present my roadmap for making .p2p a reality for the BitShares community. (more…)

Continue Reading →

DNSChain Routers: Still Broken

Since my original critique, DNSChain has moved to claiming that their client/server model does not rely on third party trust because they think that they can get Namecoin installed into home routers and personal PlugPCs which “everyone” will configure their clients to connect back to.  This is infeasible and unnecessarily ties their security model to a regressive form of third party trust. (more…)

Continue Reading →

DNSChain Considered Harmful

DNSChain is a DNS server that uses Namecoin as a backend, but compromises Namecoin’s security without any improvements to usability or legacy interoperability.  However, DNSChain’s faulty and grandiose claims have led to a frightening degree of interest and adoption.  The Namecoin blog is not the place to engage misguided projects but, as an official Namecoin developer, I feel compelled to speak out. (more…)

Continue Reading →