<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div><i>(Sent this to [curves] by accident. Meant to send it [messaging] as this is relevant for key exchange.)</i></div><div><br></div>Dionysis Zindros came up with the following mechanism to prevent DNSChain servers from forging blockchain data (copied from our blog post):<div><br></div><div><blockquote style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div>3. Use <strong>Proof-of-Transition</strong> (PoT). PoT is a simple but powerful idea that <a href="https://twitter.com/dionyziz" target="_blank">Dionysis Zindros</a> came up with (which we plan to elaborate on in future work). Briefly: clients store the public key fingerprints of the blockchain transaction that corresponds to a domain. These correspond to the public key that was used to update the blockchain entry. When a new SSL/TLS cert is seen, require DNSChain to provide proof in the form of the transaction(s) that were used to update the blockchain entry. If these transaction(s) were signed by the original public key, we can be assured that DNSChain is not cooking the books.</div><div><br></div></blockquote>From "Certificate transparency on blockchains"</div><div><br></div><div><a href="https://blog.okturtles.com/2015/03/certificate-transparency-on-blockchains/">https://blog.okturtles.com/2015/03/certificate-transparency-on-blockchains/</a></div><div><br></div><div>Greg</div><div>
<br class="Apple-interchange-newline"><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">--</span><br style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">Please do not email me anything that you are not comfortable also sharing</span><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;"> with the NSA.</span>
</div>
<br></body></html>