Namecoin unfortunately does not scale. You can't have lite clients, just an ever growing multi gigabyte database on every device you wish to use it on. Relying on a remote party to securely store and relay the blockchain to you is foolhardy, at best you're trusting a remote DNS server that can be MITM'd itself (the dotDNS system doesn't provide signing requests only encrypting).
It's a nice idea but inherently unusable in almost any circumstance.
Namecoin DOES scale, you can have lite clients, and note that dotDNS and OkTurtles are not official Namecoin projects.
The developer doesn't really understand what he is talking about when it comes to the blockchain and he misrepresents his work as being fundamentally different than what a CA offers. He honestly thinks everyone will setup their own DNSChain on top of a Namecoin install.
To what end? You could abusively embed data in the Bitcoin blockchain (20GB), or use the Namecoin blockchain, or any multitude of altcoins with useless security that nobody has even heard of before. The end result is always the same; you can prove data exists but you can't trustlessly prove it hasn't changed without the entire blockchain.
> The end result is always the same; you can prove data exists but you can't trustlessly prove it hasn't changed without the entire blockchain.
This project (DNSChain), uses the entire blockchain, so it's all good. And no, you don't need to store it on your phone as has been explained in other comments here, on the blog, and on the github page.
This does scale, and lite clients are not being proposed here. To use this, your phone/computer doesn't need to run any type of node to communicate with the blockchain. Instead, all of that is done for you by your chosen DNSChain server.
> This does scale, and lite clients are not being proposed here.
The first part of this document tells me that a local daemon communicated with Namecoin, ergo the system is dependent on having it running locally for anything approaching security.
> Instead, all of that is done for you by your chosen DNSChain server.
That's just it, why would I ever trust a remote resolver? There's two public resolvers listed on the homepage of the site, one is doing resolution in the clear and the "encrypted" one has no listed public key to verify that again there's no MITM.
None of this is filling me with confidence and we haven't even asked who is running the things yet.
In my mind it could be something run on a local lan, or at the organization or neighborhood ISP level. In those cases there is still a question of how trustworthy those sources are. But there is also a reduction in the ability to compromise many connections. An attacker targeting a specific computer or person or organization still has an avenue, but there is much less room for compromising the entire scheme as a whole (of which there is plenty of room currently).
The solution as presented doesn't solve ALL of our problems, but solutions rarely do, and it's not reasonable to expect them to. But it does solve SOME, and doesn't present any new ones (although I expect to eat my words as I type that). Progress is progress, even if it doesn't get us the full mile.
As for trusting those writing this particular software, we don't really have to trust them, we simply have to trust the code.
No, it gives you the option of a different server that the NSA has also compromised.
There's is no way to square the circle here - Zooko's triangle [1] guarantees that you can't have a decentralized system with memorable secure names. See Dan Kaminsky's analysis of Aaron's system (which was implemented by NameCoin. [2]
I just read that rebuttal link, and it predates Namecoin and it looks like things have changed quite a lot since the original proposal - including a 250 day expiration date and more importantly, Bitcoin-style block mining to do tiebreaking on registration races to decide what the truth is. Have there been any successful attacks of the type outlined in the rebuttal made on Bitcoin or Namecoin?
> Correct me if I'm wrong, but this looks as if it's just a system to present blockchain data to normal clients using a pseudo-tld DNS proxy.
That's about right, I think.
> That's just it, why would I ever trust a remote resolver?
You trust yourself right? The docs emphasize in multiple locations that you should be the one who is running the resolver. And if you don't know how, you can use a friend's while you're learning or others are making it easy for you to have your own.
> the "encrypted" one has no listed public key to verify that again there's no MITM.
It does, click on the IP and the public key is listed there in a gist, along with the command to use it with dnscrypt-proxy.
> They promise resolution will be signed by the server some day, but it's not a feature enabled right now.
It's not like it's difficult to implement this. I could do it in a couple of hours, but I came to a stopping point with the code and began focusing on community building for a bit. Don't worry, it's coming real soon, and you're welcome to implement it yourself and submit a pull request if you can't wait. :)
> It does, click on the IP and the public key is listed there in a gist, along with the command to use it with dnscrypt-proxy.
You're right, github must have hiccuped before. When I looked at that before it was a blank document. I assumed it was a placeholder because the client didn't support any sort of request signing yet.
(Sorry for editing my post out from under you, it wasn't intentional)
It's a nice idea but inherently unusable in almost any circumstance.