namecoin / namecoin-legacy

Legacy client. New version here: https://github.com/namecoin/namecoin-core Note the release branch! - Official website:
https://namecoin.org
MIT License

BTLS: Blockchain-based Transport Layer Security #195

Closed renne closed 10 years ago

renne commented 10 years ago

I want to suggest a simple-to-implement and easy-to-use blockchain-based authentication method:

Registration of ID/username/pseudonym

  1. User registers an ID/username/pseudonym in 'id/'-namespace
  2. User presses a button in Namecoin to automagically generate a self-signed X.509 client-certificate (PKCS12-format) which uses the ID as Distinguished Name and adds/updates the fingerprint of the client-certificate as application
  3. User imports self-signed X.509 client-certificate to his application (e.g. browser)

Authentication:

  1. User connects to service via (D)TLS
  2. Service requests self-signed X.509 client-certificate via (D)TLS
  3. Service validates self-signed X.509 client-certificate via ':<X.509-fingerprint>'-tuple in blockchain instead of CA-root/-intermediate certificates

That way there is no need to have a blockchain-client (Namecoin) running on client machines for authentication and we can use existing client-side infrastructure without any changes (e.g. browsers, embedded systems). As Proof-of-Concept I suggest to patch STunnel for server-side client-certificate validation and to develop an Apache authentication provider module.

ToDo:

  1. Namecoin protocol: Add X.509-fingerprint for (D)TLS as registered application in 'id/'-namespace definition
  2. Namecoin-QT: Add button per ID in "Manage Names"-table to create and register self-signed X.509 client-certificate.
  3. Patch STunnel to authenticate self-signed client certificates against the blockchain instead of CA-hierarchy.
  4. Apache webserver: Develop authentication provider module 'mod_authn_blockchain'.

Discussion in Namecoin-Forum

Documentation for Namecoin-/Blockchain-newbies: Wikipedia about Blockchain; Bitcoin.it about Blockchain; Namecoin protocol (Blockchain implementation); Namecoin Identities; Namecoin client (Source code)
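
Step 3 of the authentication flow proposed above, sketched server-side as an added example (not part of the original issue and not Namecoin or STunnel code). The subject name in a self-signed certificate is chosen by whoever generated it, so the decision rests only on the fingerprint pinned under the claimed ID. The `tls_fp` field name, the JSON record layout, and the in-memory `NAMES` table standing in for the blockchain lookup are assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-ins for the DER bytes a TLS server receives in the handshake
# (e.g. ssl.SSLSocket.getpeercert(binary_form=True)); any byte string works here.
ALICE_CERT_DER = b"constructed-der-bytes-for-alice"
MALLORY_CERT_DER = b"constructed-der-bytes-claiming-to-be-alice"

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' and 'aabb...' spellings of the same fingerprint."""
    return fp.replace(":", "").replace(" ", "").lower()

# Constructed name table standing in for the service's blockchain lookup.
# The "tls_fp" field and the JSON layout are assumptions, not a Namecoin spec.
NAMES = {
    "id/alice": json.dumps({"tls_fp": [fingerprint(ALICE_CERT_DER).upper()]}),
    "id/broken": "not json",
}

def authenticate(claimed_id: str, cert_der: bytes, resolve=NAMES.get) -> bool:
    """True only if the presented certificate is pinned under id/<claimed_id>."""
    raw = resolve("id/" + claimed_id)
    if raw is None:
        return False                      # unregistered ID: fail closed
    try:
        pins = json.loads(raw).get("tls_fp", [])
    except (ValueError, AttributeError):
        return False                      # malformed record: fail closed
    if not isinstance(pins, list):
        return False
    presented = fingerprint(cert_der).encode()
    ok = False
    for pin in pins:                      # a list allows certificate rotation
        if isinstance(pin, str):
            ok |= hmac.compare_digest(normalize(pin).encode(), presented)
    return ok
```
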

JeremyRand commented 10 years ago

Hi,

Cool idea. Can you make this issue in https://github.com/namecoin/meta/issues instead, since this isn't specific to the Namecoin-Qt client?

renne commented 10 years ago

Done. ;)