Since Encaya now supports off-chain TLSA records (used for TLS server authentication), this begs a question: can something similar be done for SSHFP records (used for SSH server authentication)? In principle, the main things we would need to pull this off are: (1) Some way to embed a blob of data inside an SSH public key. (2) Some way for that blob to get passed to code we control (during the SSH handshake). (3) Some way to mark a public key as trusted (also during the SSH handshake). For requirement 1, ...| Namecoin
I represented Namecoin at the 2025 Global Conference on Educational Robotics (July 8-12, 2025 in Norman, OK). If you enjoy STEM education talks, this presentation might be up your alley. Video is available here. My slides are available here. My paper is available here. Huge thanks to the staff and volunteers from KISS Institute for Practical Robotics, who organized GCER. And in particular a huge thanks to KIPR for publishing videos of the breakout presentations; this is hugely helpful to the ...| Namecoin
As the shelf life of most public-key cryptography nears its quantum-induced termination, many protocols are moving toward post-quantum (PQ) cryptography. PQ crypto, defined as cryptosystems that are believed to be secure against both classical and quantum cryptanalysis, is an active research area, with rapid advances happening in both the cryptosystems and the attacks. It would be nice if we had more time to research secure PQ cryptosystems, but alas we do not have that luxury. TLS is thus be...| Namecoin
Now that hashed TLSA records are a thing, it’s time to ask our inner mad scientist: can we do any better than that? What would be better for scalability than only putting a hash on the blockchain? What about… not putting any TLS things on the blockchain? Sounds impossible, right? Let’s frame this question a different way: why are we putting a TLSA record on the blockchain? Or perhaps we can ask an even more radical question: why do we put anything on the blockchain? There are three main...| Namecoin
If you’ve used generate_nmc_cert to set up a Namecoin TLS server, you’ve probably found the interface a tad vexing. Examples of such weirdness:| www.namecoin.org
As long-time readers will be aware, probably the biggest innovation of Namecoin’s TLS functionality is that it uses a special form of TLS certificates that happens to work well in mainstream web browsers, via the interoperability magic of AIA and PKCS#11. This avoids having to patch web browsers or intercept TLS connections (either of which would introduce nontrivial security liabilities). One of the consequences of this benefit has been that Namecoin domains must embed an ECDSA public key ...| Namecoin
For those of you who haven’t seen my various conference talks about Namecoin TLS, AIA (Authority Information Access) is a mechanism for a TLS certificate to provide a URL where you can find the certificate of its issuer. Namecoin does some, uh, creative things with AIA. For reasons that will be elaborated on in a future post (don’t worry, all will be explained there), I wanted to know the maximum length of the URL that AIA can link to.| www.namecoin.org
sockstrace just got a major update. Here’s a quick overview of the new features:| www.namecoin.org
We’re happy to announce that Namecoin will be giving a presentation at MoneroKon 5 in Prague, Czechia (June 20-22). Live streams are expected.| www.namecoin.org
As you may recall, ncp11 is Namecoin’s PKCS#11 module that enables TLS to work for Namecoin domains with standard TLS clients that use NSS or GnuTLS. I’ve recently made several improvements to ncp11: Add additional tracing: Namecoin’s PKCS#11 modules can log traces of their internal state, which can be helpful for debugging. I’ve expanded ncp11’s tracing to cover some additional state. Disable Certificate Transparency: Modern versions of Firefox and Chromium mandate Certificate Transp...| Namecoin
We’re happy to announce that Namecoin is receiving three new grants:| www.namecoin.org
We’re happy to announce that at least three Namecoin developers will be at 38C3 (the 38th Chaos Communication Congress) in Hamburg, December 27-30. Additionally, at least two Namecoin developers will be at FOSDEM 2025 in Brussels, February 1-2.| www.namecoin.org