Author Archive | Zachary Lym

ICE Stonewalling Domain Seizure FOIA

Nine months ago, I wrote a blogpost outlining the exponential increase of domain name seizures by the US government and calling for a site to track these abuses. One disturbing element of this was that there is no list of domain name seizures, so I put in a FOIA request to ICE. Nine months later, […]

End-To-End Web Crypto: A Broken Security Model

End-to-end encryption of web services is increasingly popular: Mailvelope aims to bolt a PGP client onto webmail and both Yahoo and Google are working to add support directly. However, the fundamental nature of the web and the limits of human cognition make web-based E2E encryption susceptible to MITM attacks.  While still potentially useful, such systems should not […]

Debunking okTurtles, DNSChain, & Unblock.us

okTurtles, DNSChain, and Unblock.us.org form a software stack that is being sold as a panacea to online surveillance and DNS censorship.  This hyperbolic marketing is disingenuous if not dangerous.  I would like to outline exactly what each piece of software does and how the stack relates to the field as a whole. (more…)

Namecoin: A Decentralized Trusted Base

Introduction I’ve been thinking a lot about transport-dependent DNS settings (BIND, http, tor, and i2p) and the architecture the original Domain Name System and applied encryption. After long talks with Ryan-C and Mark of EasyDNS, I believe we need to recast Namecoin’s purpose as a decentralized trusted base which offers secure delegation, not as a […]

DNSChain vs Real Interop

In the dustup generated in my article on DNSChain’s broken security model, some argued that there is a need for a trusted solution. I agree with this, my criticisms of DNSChain are that it misrepresents its security model and introduces the worst kind of third party trust without any gains in usability or interoperability. I’m […]

The Road to Universal .p2p Resolution

I came to BitShares with the express purpose of convincing them to reinvigorate their .p2p efforts.  Thankfully, I was pleasantly surprised to find that the .p2p initiative had fizzled not due to lack of interest but of bandwidth.  The core development team liked my overall plan and I would like to present my roadmap for […]

DNSChain Routers: Still Broken

Since my original critique, DNSChain has moved to claiming that their client/server model does not rely on third party trust because they think that they can get Namecoin installed into home routers and personal PlugPCs which “everyone” will configure their clients to connect back to.  This is infeasible and unnecessarily ties their security model to a regressive form of third […]

Powered by WordPress. Designed by WooThemes