{"guid":"1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26","title":"Namecoin as a Decentralized Alternative to Certificate Authorities for TLS","subtitle":"","slug":"34c3-ChaosWest-3-namecoin_as_a_decentralized_alternative_to_certificate_authorities_for_tls","link":"https://c3voc.de","description":"Certificate authorities suck, but the proposed replacements (e.g. DNSSEC/DANE) aren't so great either. We think Namecoin can help here, and the code is working and released! Certificate authorities (CA's) pose a serious threat to the TLS ecosystem. Unfortunately, the various proposed solutions (e.g. Convergence, DANE, HPKP, CAA, and CT) do not solve the underlying problem: the existence of trusted parties in the process of converting a domain name to a certificate acceptance policy. While it may be an improvement to reshuffle the trusted parties to have more trust agility (Convergence), a smaller set of fully trusted parties (DANE), a more limited window of opportunity for attackers (HPKP and CT) or more accountability after-the-fact (HPKP, CAA, and CT), we think it's time to solve the underlying problem. Namecoin introduces the ability to do exactly that: if you know a Namecoin domain name, you can find out which TLS certificates are valid for it, with a threat model and codebase nearly identical to the battle-hardened Bitcoin. In addition, we figured out how to make this work in the real world of uncooperative web browsers: Namecoin TLS certificate validation works with Chromium on Windows, without the high attack surface of intercepting proxies or the cookie leakage of browser extension API's.","original_language":"eng","persons":["Jeremy Rand"],"tags":["34c3-chaoswest","3"],"view_count":289,"promoted":false,"date":"2017-12-27T00:00:00.000+01:00","release_date":"2018-03-18T01:00:00.000+01:00","updated_at":"2026-03-03T20:25:47.147+01:00","length":2680,"duration":2680,"thumb_url":"https://static.media.ccc.de/media/congress/34c3-chaoswest/3-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/34c3-chaoswest/3-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/34c3-chaoswest/1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/34c3-chaoswest/1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/34c3-ChaosWest-3-namecoin_as_a_decentralized_alternative_to_certificate_authorities_for_tls","url":"https://api.media.ccc.de/public/events/1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26","conference_title":"ChaosWest @ 34c3","conference_url":"https://api.media.ccc.de/public/conferences/34C3-chaoswest","related":[{"event_id":2826,"event_guid":"9ab1407a-126f-48d9-898d-eae7974324e9","weight":3},{"event_id":2827,"event_guid":"f79c744f-30d1-4175-a173-2e760049337d","weight":2},{"event_id":4929,"event_guid":"8e222759-cd6b-403b-8fe1-3517bf7d2802","weight":3},{"event_id":4948,"event_guid":"61044a55-e6d6-4b9c-add9-a7f07c65da70","weight":4},{"event_id":4955,"event_guid":"05c94f17-0ea3-4873-a2fe-a843995d1486","weight":2},{"event_id":4956,"event_guid":"658b88f7-6e67-415f-b969-ab0b84a56b1f","weight":2},{"event_id":4957,"event_guid":"3d0f6369-aa48-40bd-b435-bca5ae1f86a8","weight":2},{"event_id":4962,"event_guid":"b562864d-0d7c-4c0e-8d3e-db6f697ce1fc","weight":2},{"event_id":4967,"event_guid":"619f23dc-a31d-4aed-8860-7c87c3450082","weight":3},{"event_id":4971,"event_guid":"bac4a0c4-8ee0-485d-8fc8-92ea06357881","weight":3},{"event_id":4993,"event_guid":"0aba4941-a853-4bb6-82e9-b169a892357e","weight":1},{"event_id":5067,"event_guid":"7fcad042-c9e4-5713-8991-938d7e33f050","weight":2},{"event_id":5069,"event_guid":"84639ed6-fb5d-584a-a879-84e60b0cafd5","weight":2},{"event_id":5070,"event_guid":"a87a0521-6b12-5dca-851a-c32a13cc4581","weight":4},{"event_id":5071,"event_guid":"0da9f0ce-7f7e-56b1-bbc0-9c5b410918e8","weight":2},{"event_id":5072,"event_guid":"10b7012e-9b62-507f-affc-02aedfd964c8","weight":25},{"event_id":5073,"event_guid":"74d7736f-f73a-5164-9e7d-2fc69e74cc99","weight":6},{"event_id":5074,"event_guid":"a6054988-4570-5b14-8a61-ef934f21c10e","weight":2},{"event_id":5076,"event_guid":"bb239a0d-bf40-5e30-bc9b-aa060640eeab","weight":6},{"event_id":5077,"event_guid":"ca097e7e-351f-5f1c-b2d4-a58c6bf6113f","weight":2},{"event_id":5080,"event_guid":"ed6c2ab5-68a0-552e-94d3-63a3cc028cd0","weight":1},{"event_id":5081,"event_guid":"b41404a3-3f9b-55b3-8dee-e086fdd4f66d","weight":3},{"event_id":5083,"event_guid":"e340f48d-a241-5296-aea5-821917671506","weight":2},{"event_id":5085,"event_guid":"f64deec6-e13f-54e8-8afa-22cdcf9d8f81","weight":2},{"event_id":5086,"event_guid":"0febf3d3-23c2-5745-8395-a1dd11683a08","weight":4},{"event_id":5087,"event_guid":"efe82374-e0c2-5beb-a462-305df7dbec7a","weight":3},{"event_id":5091,"event_guid":"98a509e4-80e4-5d72-94db-8220358225bc","weight":2},{"event_id":5243,"event_guid":"41524d50-3344-2020-2020-202020202020","weight":2}],"recordings":[{"size":148,"length":2680,"mime_type":"video/mp4","language":"eng","filename":"34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1280,"height":720,"updated_at":"2018-03-18T15:15:43.824+01:00","recording_url":"https://cdn.media.ccc.de/congress/34c3-chaoswest/h264-hd/34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_hd.mp4","url":"https://api.media.ccc.de/public/recordings/23266","event_url":"https://api.media.ccc.de/public/events/1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26","conference_url":"https://api.media.ccc.de/public/conferences/34C3-chaoswest"},{"size":31,"length":2680,"mime_type":"audio/opus","language":"eng","filename":"34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2018-03-18T19:11:35.300+01:00","recording_url":"https://cdn.media.ccc.de/congress/34c3-chaoswest/opus/34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_opus.opus","url":"https://api.media.ccc.de/public/recordings/23301","event_url":"https://api.media.ccc.de/public/events/1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26","conference_url":"https://api.media.ccc.de/public/conferences/34C3-chaoswest"},{"size":40,"length":2680,"mime_type":"audio/mpeg","language":"eng","filename":"34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2018-03-18T19:12:04.470+01:00","recording_url":"https://cdn.media.ccc.de/congress/34c3-chaoswest/mp3/34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/23302","event_url":"https://api.media.ccc.de/public/events/1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26","conference_url":"https://api.media.ccc.de/public/conferences/34C3-chaoswest"},{"size":83,"length":2680,"mime_type":"video/mp4","language":"eng","filename":"34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-03-18T19:20:10.306+01:00","recording_url":"https://cdn.media.ccc.de/congress/34c3-chaoswest/h264-sd/34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_sd.mp4","url":"https://api.media.ccc.de/public/recordings/23309","event_url":"https://api.media.ccc.de/public/events/1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26","conference_url":"https://api.media.ccc.de/public/conferences/34C3-chaoswest"},{"size":148,"length":2680,"mime_type":"video/webm","language":"eng","filename":"34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-03-18T19:21:07.707+01:00","recording_url":"https://cdn.media.ccc.de/congress/34c3-chaoswest/webm-sd/34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/23310","event_url":"https://api.media.ccc.de/public/events/1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26","conference_url":"https://api.media.ccc.de/public/conferences/34C3-chaoswest"},{"size":267,"length":2680,"mime_type":"video/webm","language":"eng","filename":"34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1280,"height":720,"updated_at":"2018-03-18T19:23:41.314+01:00","recording_url":"https://cdn.media.ccc.de/congress/34c3-chaoswest/webm-hd/34c3-chaoswest-3-eng-Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/23315","event_url":"https://api.media.ccc.de/public/events/1c3ff3c0-00f3-5d3b-b141-c8db54bf0b26","conference_url":"https://api.media.ccc.de/public/conferences/34C3-chaoswest"}]}