Namecoin is an experimental open-source technology which improves decentralization, security, censorship resistance, privacy, and speed of certain components of the Internet infrastructure such as DNS and identities.
(For the technically minded, Namecoin is a key/value pair registration and transfer system based on the Bitcoin technology.)
Bitcoin frees money – Namecoin frees DNS, identities, and other technologies.
What can Namecoin be used for?
- Protect free-speech rights online by making the web more resistant to censorship.
- Attach identity information such as GPG and OTR keys and email, Bitcoin, and Bitmessage addresses to an identity of your choice.
- Human-meaningful Tor .onion domains.
- Decentralized TLS (HTTPS) certificate validation, backed by blockchain consensus.
- Access websites using the .bit top-level domain.
- Proposed ideas such as file signatures, voting, bonds/stocks/shares, web of trust, notary services, and proof of existence. (To be implemented.)
What does Namecoin do under the hood?
- Securely record and transfer arbitrary names (keys).
- Attach a value (data) to the names (up to 520 bytes).
- Transact the digital currency namecoins (NMC).
- Like bitcoins, Namecoin names are difficult to censor or seize.
- Lookups do not generate network traffic (improves privacy).
Namecoin was the first fork of Bitcoin and still is one of the most innovative “altcoins”. It was first to implement merged mining and a decentralized DNS. Namecoin was also the first solution to Zooko’s Triangle, the long-standing problem of producing a naming system that is simultaneously secure, decentralized, and human-meaningful.
2018-05-21 Last episode: When we last left our hero, tlsrestrict_nss_tool had a few unfixed bugs that made it unusable on Windows. Everyone believed those bugs would be the final ones. Were they? And now, the conclusion to our 2-part special:
2018-05-20 Now that we got NSS
certutil reproducibly cross-compiled for Windows, initial testing has begun on
tlsrestrict_nss_tool for Windows.
2018-05-17 In a previous post where I introduced
tlsrestrict_nss_tool, I mentioned that NSS’s
certutil doesn’t have official binaries for Windows, and that “At some point, we’ll probably need to start cross-compiling NSS ourselves, although I admit I’m not sure I’m going to enjoy that.” Well, we’ve reached that point, and it was an interesting adventure.
2018-05-14 I discussed in a previous post some experimental work on making ncdumpzone output a Firefox certificate override list. At that time, the procedure wasn’t exactly user-friendly: you’d need to run ncdumpzone from a terminal, redirect the output to a file, close Firefox, delete whatever existing
.bit entries existed in the existing Firefox certificate override file, append the ncdumpzone output to that file, and relaunch Firefox. I’ve now integrated some code into ncdns that can automate this procedure.
2018-05-12 One of the more obscure DNS record types is
DNAME (AKA the Namecoin
"translate" JSON field), which is basically a DNS redirect for an entire subtree. For example, currently
radio.bit. has a
DNAME record pointing to
biteater.dtdns.net., which means that any subdomain (e.g.
batman.radio.bit.) becomes a
CNAME redirect (e.g. to
2018-04-19 We’ve released
cross_sign_name_constraint_tool v0.0.2 and
tlsrestrict_nss_tool v0.0.2. These implement the functionality described in my previous post on Integrating Cross-Signing with Name Constraints into NSS (and the earlier posts that that post links to).
2018-04-17 We’ve released ncdns v0.0.6. List of changes:
2018-04-03 Binaries of ConsensusJ-Namecoin (the Namecoin lightweight SPV lookup client) v0.2.7 are now released on the Beta Downloads page page. This is based on the source code that was released earlier. Notable new things in this release:
2018-03-26 At the end of my previous post about porting cross-signing with name constraints to Go, I mentioned that the next phase was to automate the procedure of applying the constraints to all root CA’s in NSS, instead of needing to manually dump CA’s one-by-one from NSS, run them through my Go tool (currently named
cross_sign_name_constraint_tool, because I’ve exhausted my witty software naming quota on another project), and import them back into NSS. I’m happy to report that this next phase is essentially complete, and in my testing I blacklisted certificates for the
.org TLD regardless of which built-in root CA they chained to (without any impact on other TLD’s).
2018-03-25 In my previous post about achieving negative certificate overrides using cross-signing and name constraints, I discussed how the technique could make Namecoin-authenticated TLS possible in any TLS application that uses p11-kit or NSS for its certificate storage. However, the proof-of-concept implementation I discussed in that post was definitely not a secure implementation (nor was the code sane to look at), due to the usage of OpenSSL’s command line utility (glued to itself with Bash) for performing the cross-signing. I’m happy to report that I’ve ported the OpenSSL+Bash-based code to Go.
Official anouncements will also be made on this BitcoinTalk thread.
Help keep us strong. You can donate to the Namecoin project here.