BTLS: Blockchain-based Transport Layer Security

renne
Posts: 80
Joined: Fri May 30, 2014 7:09 pm
os: linux

Re: BTLS: Blockchain-based Transport Layer Security

Post by renne »

biolizard89 wrote:I agree with Daniel that application-specific features do not belong in namecoind or libcoin.
You can outsource the generation and registration of a X.509 certificate into another wallet, of course. In my opinon buying Namecoins is already a complicated entry barrier. Aside from code redundancy users will not have the patience to fiddle about with another wallet application to create and register a certificate in the blockchain.

The GNUTLS-API seems to be way better structured and documented than the OpenSSL-API. But I assume you don't want to switch to another crypto library. The example code is based on OpenSSL.

Is there any interest to implement certificate generation and fingerprint registration into Namecoin? Maybe via some kind of plugin-API?

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: BTLS: Blockchain-based Transport Layer Security

Post by biolizard89 »

renne wrote:
biolizard89 wrote:I agree with Daniel that application-specific features do not belong in namecoind or libcoin.
You can outsource the generation and registration of a X.509 certificate into another wallet, of course. In my opinon buying Namecoins is already a complicated entry barrier. Aside from code redundancy users will not have the patience to fiddle about with another wallet application to create and register a certificate in the blockchain.

The GNUTLS-API seems to be way better structured and documented than the OpenSSL-API. But I assume you don't want to switch to another crypto library. The example code is based on OpenSSL.

Is there any interest to implement certificate generation and fingerprint registration into Namecoin? Maybe via some kind of plugin-API?
To make myself clear: I said I was against the *verifier* logic being in namecoind/namecoin-qt (NMControl is a good place for that). I'm personally not against putting the *name data creation* GUI into the main Namecoin wallet.

Of course, the Namecoin-Qt GUI's future is unclear; there is some uncertainty of whether we'll continue to maintain the name management GUI in the Namecore rebase, or whether we'll switch to Armory (which has a much better GUI). The code in the current Namecoin client is definitely being scrapped though. So, I think a pull request for this would probably be better to wait until the dust has settled from the rebase.

Daniel may or may not agree with the above recommendations.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

renne
Posts: 80
Joined: Fri May 30, 2014 7:09 pm
os: linux

Re: BTLS: Blockchain-based Transport Layer Security

Post by renne »

biolizard89 wrote:Of course, the Namecoin-Qt GUI's future is unclear; there is some uncertainty of whether we'll continue to maintain the name management GUI in the Namecore rebase, or whether we'll switch to Armory (which has a much better GUI). The code in the current Namecoin client is definitely being scrapped though.
In that case I suggest to consider extending the namecoind-HTTPS-API to serve static HTML/Javascript files. That way you can use any modern browser as GUI rendering engine. As it would be independent of hardware-platform, OS, display-manager and window-manager you can save a lot of fiddeling with different binary APIs/QT. Instead you just have to create HTML/Javascript to render the GUI. It would also allow to open/close the view-port (-> browser window) without stopping namecoind. GUI customization (e.g. adding new use-cases) would be much easier, too. But this should be discussed in another thread. ;-)

P.S.: A HTML-GUI allows to create the X.509 client-certificate automatically in the browser. Maybe it's better to implement the handling of the X.509-certificate into the HTTPS-API only. Have a look at Generating client side certificates in browser and signing on server and Client Certificates and the HTML5 keygen Tag

Post Reply