DNSChain: Still Harmful

DNSChain is still pushing third party trust as being equivalent to lightweight resolvers.

Update

This article was meant as an overview of DNSChain, but it had a lot of drama.  I’ve written a more up-to-date technical overview of okTurtles, DNSChain, and Unblock.us. While the security model for DNSChain has improved, they are still misrepresenting the security parameters of their software.

 

Originally, DNSChain was a pure client/server solution – every client would connect to a server with a full node Namecoin install with DNSChain acting as the middleware and DNS server.  Slepak (DNSChain’s lead developer) claimed that DNSChain did not require third party trust because everyone would have “friends” who would run servers on behalf of the user (which he called “second party trust”).  Since 99% of the population would rely on someone else to run a server for them, this effectively broke the MITM protection offered by Namecoin, despite DNSChain’s claim of being “MITM-proof.”

The Namecoin development team pointed out that this is unnecessary, as lightweight resolvers only require a few megabytes to operate locally.  Later I debunked his claims regarding 3rd party trust and knocked the original scheme down as insecure and infeasible.

Slepak then started pushing the notion that everyone would have a home router as their trusted server.  I knocked this updated scheme down as infeasible (10% of Americans don’t even have a home internet connection) and showed that it would loop router manufacturers into the trust base.  And, again, it is totally unnecessary given that lightweight resolvers require less than 100 megabytes of local storage.

DNSChain then added two features: checking multiple DNSChain servers and public key pinning[1] (Proof-of-Transition).  Slepak now claims that this is “at least as good as” lightweight resolvers.  This is simply not true and demonstrates a basic ignorance of lightweight technology.
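A simplified model of the two added features as this article describes them (agreement across several servers, then pinning the first accepted answer), added here as an illustration and not taken from DNSChain's code. The class, server functions, name and fingerprints are constructed, and Proof-of-Transition is modelled only as plain trust-on-first-use pinning, per footnote 1.

```python
from collections import Counter

NAME = "d/example"                            # constructed name
TRUE_KEY, FORGED_KEY = "fp:aaaa", "fp:ffff"   # constructed fingerprints

def honest(name):       # server that reports the real record
    return TRUE_KEY if name == NAME else None

def lying(name):        # server that reports a forged key
    return FORGED_KEY

def offline(name):      # server that does not answer
    return None

class PinningClient:
    """Hypothetical client: majority answer across servers, then pin on first use."""
    def __init__(self, servers, quorum):
        self.servers, self.quorum, self.pins = servers, quorum, {}

    def lookup(self, name):
        answers = Counter(a for a in (s(name) for s in self.servers) if a)
        if not answers:
            return ("no-answer", None)
        key, votes = answers.most_common(1)[0]
        if votes < self.quorum:
            return ("no-quorum", None)
        pinned = self.pins.setdefault(name, key)   # first accepted answer becomes the pin
        if pinned != key:
            return ("pin-mismatch", pinned)        # conflict: client keeps the old pin
        return ("ok", key)

def run(first_servers, later_servers, quorum=2):
    """First lookup against one server set, second lookup against another."""
    client = PinningClient(first_servers, quorum)
    first = client.lookup(NAME)
    client.servers = later_servers
    return first, client.lookup(NAME)

if __name__ == "__main__":
    print(run([honest] * 3, [lying, lying, honest]))    # pin set honestly, later lie caught
    print(run([lying, lying, honest], [honest] * 3))    # pin set by a lying majority
    print(run([lying, honest, offline], [honest] * 3))  # no agreement, nothing pinned
```

In the second run the forged key is accepted as "ok" on first contact and the later honest answers are the ones flagged, which is the condition footnote 1 describes.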

Astute readers will have noticed that DNSChain has simply reinvented all of the hacks used to improve third party trust.  Moxie Marlinspike was a pioneer in building systems similar to what DNSChain is proposing, such as Convergence and Tack.  However, neither of Marlinspike’s projects claims to be “MITM-proof” and it’s difficult to understand how DNSChain can claim security benefits beyond what is already offered by these projects.

I have every reason to try and suck up to Slepak: he might have some funding soon and he dangled the possibility of funding Namecoin projects directly. But honest and accurate marketing of the security parameters of their software is a prerequisite for any endorsement.  So I dug into okTurtles, Unblock.us.org (related projects) and checked out their website.

I pointed out security flaws with okTurtles and problems with their marketing over email, such as the claim that DNSChain “fixes” HTTPS.  Slepak deflected this latter criticism and said that the fully qualified claim was excessive.  Slepak regularly uses this “it’s just marketing” excuse and generally doesn’t care that the plain reading of their claims doesn’t match up to reality.  I agree with what Tor developer Jacob Appelbaum said of a similarly misleading claim made by Ultrasurf:

… but it is super dangerous to make that claim and we would prefer to be very conservative so that when people use the system we know what they think they’re getting, honestly and truly.  That is absolutely the only way we think we will be able to ethically do this kind of thing and so it’s really important if you build or work on these systems to understand it is way better to over deliver and under promise.  Because when you make a mistake or when something goes wrong, real people’s lives are really on the line and we don’t want to mislead them.

Even if we ignore all of the security problems and their problematic behavior, DNSChain is a waste of developer time and funding.  DNSChain itself is entirely duplicative of NMControl and should have just been written as a plugin for NMControl.  We also need funding for lightweight clients and Namecoin core, which is the software from which DNSChain derives all of its security claims.

Namecoin core needs at least one full-time engineer to make the fundamental changes needed for it to go mainstream, such as increasing domain pricing and setting renewal periods to fixed time intervals.  We also need developers for the lightweight client and for revamping the build system; this amounts to at least $150,000 in funding.  Our estimated need for NMControl (which DNSChain essentially duplicates) is 1/10 of what we need for core engineering.

DNSChain has a track record of poor security engineering and misleading marketing, and it duplicates NMControl’s functionality.


  1. In that as long as the server doesn’t lie the first time around, future lookups are safe. 

7 Responses to “DNSChain: Still Harmful”

  1. Greg Slepak March 30, 2015 at 4:18 pm #

    What the hell are you talking about:

    1. Why are you inventing quotes from Jacob Appelbaum? http://cl.ly/image/2b3e0S0T361i He never talked to us about DNSChain. I am not aware of him even mentioning it.

    2. I did not “dangle” funding in front of you to get you to change your posts. All I did was point out that Shuttleworth wanted us to apply *jointly*.

    I wanted you to change your posts because everything you post here is a bunch of misleading nonsense, or outright lies.

    3. DNSChain is not “entirely duplicative of NMControl.” Anyone who is capable of reading through the GitHubs for those projects can plainly see that.

    4. Our security model is not based off of anything you have said here. Querying multiple DNSChain servers was a suggestion made not by you or “the namecoin developers”, but originally suggested by Simon de la Rouviere:

    http://simondlr.com/post/94988956673/an-intro-to-dnschain-low-trust-access-to

    5. Thanks to Dionysis Zindros, DNSChain now has a 3-pronged security model that is at least as good as thin clients (thanks to Proof of Transition), and practically speaking probably superior to them in terms of usefulness.

    https://blog.okturtles.com/2015/03/certificate-transparency-on-blockchains/ (bottom of post)

    You are damaging and undermining both Namecoin and DNSChain with your untruthful blog posts and baseless attacks.

    Namecoin needs to find a better spokesperson.

    • indolering April 3, 2015 at 2:39 pm #

      > 1. Why are you inventing quotes from Jacob Appelbaum? http://cl.ly/image/2b3e0S0T361i He never talked to us about DNSChain. I am not aware of him even mentioning it.

      Read that one more time, “But I agree with what Tor developer Jacob Appelbaum said of a similarly misleading claim made by Ultrasurf”

      >2. I did not “dangle” funding in front of you to get you to change your posts.

      That is what it felt like to me.

      >All I did was point out that Shuttleworth wanted us to apply *jointly*.

      No, you did not. You talked about a joint crowdfunding campaign but we never discussed jointly applying to the Shuttleworth foundation.

      And I will repeat what I said previously: a prerequisite for cooperation is the removal of your insane marketing claims. I even offered to write a LoR to Shuttleworth on the condition that you cut the hyperbolic marketing.

      >I wanted you to change your posts because everything you post here is a bunch of misleading nonsense, or outright lies.

      Well, other Namecoin developers have been NAKing on me taking these posts down. They apparently don’t see this as misleading.

      > … DNSChain now has a 3-pronged security model that is at least as good as thin clients (thanks to Proof of Transition), and practically speaking probably superior to them in terms of usefulness.

      *slow claps* Congratulations: you’ve recreated all of the hacks to improve third party trust.

      That you think they are equivalent shows that you don’t understand the underlying technology. I don’t fully understand it either but I’m willing to defer to the experts and I don’t make hyperbolic marketing claims.

      • Greg Slepak April 3, 2015 at 3:18 pm #

        > Read that one more time, “But I agree with what Tor developer Jacob Appelbaum said of a similarly misleading claim made by Ultrasurf”

        I read it again, and you don’t seem to have changed anything.

        You are still inventing a quote from Jacob that he never said.

        Might want to fix that.

        > No, you did not. You talked about a joint crowdfunding campaign but we never discussed jointly applying to the Shuttleworth foundation.

        Yes, I did.

        It was the first thing I brought up during our face-to-face on Google Hangouts.

        It was the entire point of the call.

        If you misunderstood what I was saying, maybe you could’ve asked for a clarification instead of writing this nonsense you’ve got here.

        This blog post, and the other ones you’ve got here, are an embarrassment to the entire community.

        They show that Namecoin’s spokesperson would rather have public he-said she-said arguments and spread disinfo about a project that directly helps Namecoin network, because you think it’s a threat to your funding.

        The funny thing is that the opposite is true.

        More bickering to come? Or will you do the right thing and take down all these posts?

        > And I will repeat what I said previously: a prerequisite for cooperation is the removal of your insane marketing claims.

        Again, there are _no_ insane marketing claims being made.

        And as I said repeatedly: if you have a problem with something, OPEN AN ISSUE:

        https://github.com/okTurtles/okturtles.com/issues
        https://github.com/okTurtles/dnschain/issues

        > *slow claps* Congratulations: you’ve recreated all of the hacks to improve third party trust.

        I don’t think you know what a hack is.

        If PoT is a “hack”, then so is SPV, and so is Namecoin itself.

        • indolering April 3, 2015 at 4:22 pm #

          >You are still inventing a quote from Jacob that he never said.

          Oh, it looks like some text got concatenated with the quote. Fixed.

          WRT the Shuttleworth thing, all of the followup emails support my version of events. I’m also not sure why I would lie about it, I basically said that I would NAK on any joint funding stuff until you clean up your marketing. But without a copy of the audio, it’s just my word versus yours.

          Your “file a ticket” response is infuriating, I’m not getting paid to do consulting work for you. I should be able to send off an email with my concerns and have them taken seriously. Hell, you should be concerned that the plain reading of your marketing doesn’t match up to reality.

          • Greg Slepak April 4, 2015 at 10:31 pm #

            > Oh, it looks like some text got concatenated with the quote. Fixed.

            Thank you for fixing the quote.

            > Your “file a ticket” response is infuriating, I’m not getting paid to do consulting work for you.

            I don’t know why you think it’s an unreasonable request.

            Perhaps you think it’s dismissive? Let me assure you it is not.

            You can look at our issues and see that all the urgent ones get addressed. A false or misleading statement in our copy would be considered an urgent issue.

            Many folks have opened up issues in our project, and exactly zero of them consider it to be “consulting work”.

            GH issues are a way for us to organize and keep track of problems, enhancement requests, etc. They help us respond better to concerns.

            They also provide a way for the community to provide its input. In sending me an email, you are excluding our community, and you are making it more likely that your concern(s) will go unaddressed.

            I’ve replied to your emails btw, so you should already know my thoughts.

            Open an issue. Let’s talk about whatever you perceive to be inaccurate out in the open. Let others give their 2 cents as well.

            Cheers,
            Greg

  2. Greg Slepak April 4, 2015 at 10:44 pm #

    Zach,

    I find your behavior extremely hypocritical.

    You demand we make changes to our copy, and yet:

    1. You refuse to engage us on these topics via GH.

    2. When I point out various false/misleading statements, inaccuracies, etc. on your blog, you do not fix them.

    You still haven’t fixed:

    – Your false assertion that I dangled funds in front of you.

    – Your blog post titles, which are inaccurate and misleading.

    – Various other problems that I’ve pointed out to you both in comments on your blog, over IRC, and over email.

    You’ve now also edited this blog of yours with yet another series of statements that are misleading and inaccurate:

    > After receiving pushback on their claims they added two features: checking multiple DNSChain servers and public key pinning[2] (Proof-of-Transition). They claim that this is “at least as good as” lightweight resolvers. This is simply not true and demonstrates a basic ignorance of lightweight technology.

    First of all, that is not what was said.

    Secondly, what was said (in one of my comments above), is perfectly reasonable, and if you have any questions about it you are welcome to talk to me.

    Do you realize what you are doing?

    You are engaging with me in a public back-and-forth about misunderstandings you have about what we are saying and what we are doing.

    Why are you doing it in this manner?

    If you disagree with something: contact me or someone else on the okTurtles team.

    You have _my phone number_. Call me! Skype me! Google Hangouts me!

    Quit this dramatic and unnecessary public spectacle.

    Every time you think we’re doing something wrong you go to your blog and complain about it. Then I have to take the time to come here and explain why you’ve misunderstood something.

    How much time has this wasted? How much damage has this caused to funding and support to *both* projects? How many bridges have you burned? How many doors have you slammed shut for absolutely no reason?

    We are reasonable people. We don’t want to mislead anyone about anything.

    This manner of communication is inefficient and prone to misunderstanding, so do yourself and the community a favor and engage with us calmly, politely, rationally, and personally.

    – Greg

    • indolering April 6, 2015 at 2:03 pm #

      Myself and others have spent an enormous amount of time trying to engage with you. Email, GHangouts, debating on the forum, chatting on IRC: none of that has worked.

      You still refuse to admit there was ever any problem with calling your client/server solution “MITM-Proof” even when it was a dumb client that fully trusted a server. You are still trying to sell PlugPCs as a viable solution.

      You try to blame everything as a result of miscommunication. We understand what you are selling and it doesn’t match up to what you are delivering. You claimed that your security model is as secure as lightweight clients*, which is utter bullshit. You claim that Unblock.us is unblockable unless someone switches off the entire internet. God only knows what you are telling people in private.

      Now my analysis isn’t valid and unfair unless I post it to Github? I sent you an email 3 weeks ago about the problems with your marketing and spoke to you on the phone before that. You just don’t care that the plain reading of your marketing – such as “DNSChain fixes HTTPS” – is misleading. I also brought up UI spoofing in that email, you read my article on UI spoofing a week ago, and you dismissed my analysis. You even went to the trouble of shitting on me in a related Mailvelope ticket.

      I agree with you that this is a waste of time, but someone had to speak out, so I did. I do not plan on spending any more time analyzing your software’s security models.

      Fix your marketing and pull your reference to the Namecoin forums on your “peer reviewed” section and I will soften the title of the original article. Give it a few months, and I might be amenable to pulling them.

      -Indolering
      * The exact quote used the phrase “thin clients” but it doesn’t make sense in the context of the conversation and you helpfully clarified in a followup conversation on IRC that “thin clients is used as a synonym for light clients.”
