Did not know where to post this so as not to multiply threads I'm posting in general dev discussion.
Comments and criticism is welcome.
This method allows paying to DNS defined domain (or subdomain) from within the client.
Title: DNS Based Address resolution
Author: Azarov Andrey
Status: Draft
Summary
In the first releases of Bitcoin payment to IP has been introduced. Unfortunately, such method would have left the network exposed to malicious activities.
With the original proposed addressing scheme Bitcoin addresses are extremely difficult to remember (obviously due to their random nature of not easily relatable mix of alphanumeric characters). This downside is also accompanied by security issues - when the addresses are copy-pasted to the client or when only the beginning and the end of the address is checked for similarity it leaves it open to very easy replacement attacks or just plain mistakes from the user. In a financial system with non-refundable tokens, such issue can be a grave mistake.
There were attempts to create an easy to remember naming scheme but it required using an alternative coin (Namecoin) to perform security of the name and thus was not feasible without direct exchange of tokens.
I propose a method using currently implemented worldwide naming system - DNS - to define unique bitcoin addresses for the clients to pay to. The security of DNS record can be provided by DNSSEC which would prevent government and other third-parties possible intervention and hijacking. DNSSEC is already used to secure authenticity of CERT, SSHF, IPSECKEY and TLSA records.
For simplicity sake, we ignore NAPTR and other fringe record types and use universally supported and accepted TXT record.
Motivation
Instead of paying to 1LbjEXE3idnyoBFdXrXpvmc9LcQyn9L7Ug or 1C26Erb8FzFUFq5goPnFWtKxLCf4Qz23R8 we will pay to example.com or user.example.com or subuser.user.example.com or invoice.74965.example.com . Extensions could be provided for browsers to display address for the visiting user.
Specification
In a DNS server a public address can be specified using the following TXT record:
```bind9
; example.com zone file fragment
$TTL 2d
@ IN A 127.0.0.1
www IN A 127.0.0.1
_bitcoin 1 IN TXT "1LbjEXE3idnyoBFdXrXpvmc9LcQyn9L7Ug"
...
```
Which when resolved would be the same as using URI bitcoin:1LbjEXE3idnyoBFdXrXpvmc9LcQyn9L7Ug
After successful payment, the address can be iterated with the usual widely available DNS server commands to update the record to a new address.
With TTL = 1 second (5 is the minimum but some applications will take it) it will update to a new address.
Already some of the DNS servers can be programmed to provide auto-generated addresses per each request or per different IP either from a pre-populated database or a genaddress script directly. This can still be cached for some period for each IP. The TTL record can be modified then to provide a TTL of 1 day or 1 week or more.
Another approach is to provide something like:
```bind9
; example.com zone file fragment
$TTL 2d
@ IN A 127.0.0.1
www IN A 127.0.0.1
_bitcoin.invoice.74856 10m IN TXT "1LbjEXE3idnyoBFdXrXpvmc9LcQyn9L7Ug"
_bitcoin.invoice.74836 10m IN TXT "1C26Erb8FzFUFq5goPnFWtKxLCf4Qz23R8"
...
```
And remove the record after TTL expired.
Of course, TXT response should be checked and verified as a valid Bitcoin address by the client to prevent unfortunate Proof of Burn.
Deployment
This improvement can be applied client-side only and doesn't require modifying protocol.
Client functions have to be implemented with DNS resolution over dnssec supporting libraries due to not many OS's supporting DNSSEC natively.
Benefits
1. Bitcoin will gain a lot of ease of use as well as become more attractive for eCommerce.
2. DNS servers are much easier to protect than HTTP server dynamic pages. Usually, DNS is the last bastion which hacker can access. In case of a third party supporting DNS you also have resilience (i.e. website is taken down by DDoS and Bitcoin address is not visible).
3. It would become much easier to provide addresses for direct payments than generating keys directly on the HTTP daemon server which has more possibilities of malicious hacking than slightly more limited DNS server.
Risks
1. Possible confusion of users between bitcoin and domain-based addresses. Can be mitigated by visualized difference.
2. Scam artists might try using similar domain names - however, domain names have far smaller possibility of error and scam domains are suspended fast nowadays. A warning screen with disclaimer and timeout can be implemented a la "you are sending to a newly discovered domain-sourced address, please re-enter the sum". After that, the DNSSEC key should be saved in a database to prevent possible MITM and malice.
3. Of course, DNS server could be hacked and the DNS entries might get rewritten. There is no way to protect against that as well as no way to protect against websites having their addresses rewritten by a hacker. However, this is out of scope of Bitcoin and should be taken as a possible loss. Users paying large sums (percent-wise off their wallet) should receive some disclaimer no matter where they pay
4. Exposure of IP address is possible in case of 'unique address <- DNS request <- HTTP request' logging chain, but then again it is also possible via HTTP requests to the website so I would classify this risk as negligible.
Comments and criticism is welcome.
This method allows paying to DNS defined domain (or subdomain) from within the client.
Title: DNS Based Address resolution
Author: Azarov Andrey
Status: Draft
Summary
In the first releases of Bitcoin payment to IP has been introduced. Unfortunately, such method would have left the network exposed to malicious activities.
With the original proposed addressing scheme Bitcoin addresses are extremely difficult to remember (obviously due to their random nature of not easily relatable mix of alphanumeric characters). This downside is also accompanied by security issues - when the addresses are copy-pasted to the client or when only the beginning and the end of the address is checked for similarity it leaves it open to very easy replacement attacks or just plain mistakes from the user. In a financial system with non-refundable tokens, such issue can be a grave mistake.
There were attempts to create an easy to remember naming scheme but it required using an alternative coin (Namecoin) to perform security of the name and thus was not feasible without direct exchange of tokens.
I propose a method using currently implemented worldwide naming system - DNS - to define unique bitcoin addresses for the clients to pay to. The security of DNS record can be provided by DNSSEC which would prevent government and other third-parties possible intervention and hijacking. DNSSEC is already used to secure authenticity of CERT, SSHF, IPSECKEY and TLSA records.
For simplicity sake, we ignore NAPTR and other fringe record types and use universally supported and accepted TXT record.
Motivation
Instead of paying to 1LbjEXE3idnyoBFdXrXpvmc9LcQyn9L7Ug or 1C26Erb8FzFUFq5goPnFWtKxLCf4Qz23R8 we will pay to example.com or user.example.com or subuser.user.example.com or invoice.74965.example.com . Extensions could be provided for browsers to display address for the visiting user.
Specification
In a DNS server a public address can be specified using the following TXT record:
```bind9
; example.com zone file fragment
$TTL 2d
@ IN A 127.0.0.1
www IN A 127.0.0.1
_bitcoin 1 IN TXT "1LbjEXE3idnyoBFdXrXpvmc9LcQyn9L7Ug"
...
```
Which when resolved would be the same as using URI bitcoin:1LbjEXE3idnyoBFdXrXpvmc9LcQyn9L7Ug
After successful payment, the address can be iterated with the usual widely available DNS server commands to update the record to a new address.
With TTL = 1 second (5 is the minimum but some applications will take it) it will update to a new address.
Already some of the DNS servers can be programmed to provide auto-generated addresses per each request or per different IP either from a pre-populated database or a genaddress script directly. This can still be cached for some period for each IP. The TTL record can be modified then to provide a TTL of 1 day or 1 week or more.
Another approach is to provide something like:
```bind9
; example.com zone file fragment
$TTL 2d
@ IN A 127.0.0.1
www IN A 127.0.0.1
_bitcoin.invoice.74856 10m IN TXT "1LbjEXE3idnyoBFdXrXpvmc9LcQyn9L7Ug"
_bitcoin.invoice.74836 10m IN TXT "1C26Erb8FzFUFq5goPnFWtKxLCf4Qz23R8"
...
```
And remove the record after TTL expired.
Of course, TXT response should be checked and verified as a valid Bitcoin address by the client to prevent unfortunate Proof of Burn.
Deployment
This improvement can be applied client-side only and doesn't require modifying protocol.
Client functions have to be implemented with DNS resolution over dnssec supporting libraries due to not many OS's supporting DNSSEC natively.
Benefits
1. Bitcoin will gain a lot of ease of use as well as become more attractive for eCommerce.
2. DNS servers are much easier to protect than HTTP server dynamic pages. Usually, DNS is the last bastion which hacker can access. In case of a third party supporting DNS you also have resilience (i.e. website is taken down by DDoS and Bitcoin address is not visible).
3. It would become much easier to provide addresses for direct payments than generating keys directly on the HTTP daemon server which has more possibilities of malicious hacking than slightly more limited DNS server.
Risks
1. Possible confusion of users between bitcoin and domain-based addresses. Can be mitigated by visualized difference.
2. Scam artists might try using similar domain names - however, domain names have far smaller possibility of error and scam domains are suspended fast nowadays. A warning screen with disclaimer and timeout can be implemented a la "you are sending to a newly discovered domain-sourced address, please re-enter the sum". After that, the DNSSEC key should be saved in a database to prevent possible MITM and malice.
3. Of course, DNS server could be hacked and the DNS entries might get rewritten. There is no way to protect against that as well as no way to protect against websites having their addresses rewritten by a hacker. However, this is out of scope of Bitcoin and should be taken as a possible loss. Users paying large sums (percent-wise off their wallet) should receive some disclaimer no matter where they pay
4. Exposure of IP address is possible in case of 'unique address <- DNS request <- HTTP request' logging chain, but then again it is also possible via HTTP requests to the website so I would classify this risk as negligible.
Last edited: