dnschain


dnschain - npm Package Compare versions

Comparing version 0.5.2 to 0.5.3

docs/Security-Model.md

19

docs/Comparison.md

@@ -12,3 +12,3 @@ # DNSChain versus...

Google's Certificate Transparency proposal wants certificate authorities (CAs) to "make a note" all of the certificates that they issue into a log. [It does not protect against NSA spying and MITM attacks](http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/). Website owners are then asked to monitor these logs to see if their clients were hacked. Everyone online still forced to trust the bad apple (the least trustworthy CA).
Google's Certificate Transparency proposal wants certificate authorities (CAs) to publicly log all of the certificates that they issue. [It does not protect against NSA spying and MITM attacks](https://blog.okturtles.com/2015/03/certificate-transparency-on-blockchains/). Website owners are then asked to monitor these logs to see if their clients were hacked. Everyone online still forced to trust the bad apple (the least trustworthy CA).
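
Review bot: the closing sentence "Everyone online still forced to trust the bad apple" is missing its verb in both versions of this paragraph; since the line is being edited anyway, make it "Everyone online is still forced to trust ...". The link text "It does not protect against NSA spying and MITM attacks" keeps its wording while its target moves to a post whose slug is `certificate-transparency-on-blockchains`, so check that the new target still supports that sentence.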

@@ -59,21 +59,18 @@ - __*Best case* scenario: mis-issuance detected _after_ damage has been done. The CA blames hackers.__

[Thin Clients](https://en.bitcoin.it/wiki/Thin_Client_Security) are actually really great! They offer a way to access blockchain data in an extremely efficient and lightweight manner while maintaining a level of security that is almost as good as that provided by a full node (and in the case of "SPV+" or "UTXO" type clients, possibly equivalent, depending on how it's implemented).
[Thin Clients](https://en.bitcoin.it/wiki/Thin_Client_Security) are [very important](https://blog.okturtles.com/2015/06/proof-of-transition-new-thin-client-technique-for-blockchains/) and we are working to define and integrate [arbitrary thin client techniques](https://blog.okturtles.com/2015/06/proof-of-transition-new-thin-client-technique-for-blockchains/) into DNSChain.
Some concerns with Thin Clients include:
So far most thin clients use Simplified Payment Verification (SPV) as their verification method. SPV may not work well in all situations, however:
- Their non-existence. As soon as thin clients that can be used to do arbitrary key/value lookups come about, DNSChain plans to support them!
- Over-reliance on SPV(+) clients can lead to a centralization of the entire network as fewer full nodes are being operated. Ultimately, the network is only as healthy as the number of full nodes there are, and full nodes can only reasonably be run on a server. *(DNSChain helps make the security of full nodes accessible today at the cost of having to trust the DNSChain servers you're talking to. If that's a concern, clients can increase the number of DNSChain servers they talk to.)*
- Some platforms do not support Thin Clients well. Examples include:
* Apple's iOS does not allow you to download and run a thin client (or any server) in the background that other apps can talk to. Therefore any app that wanted to talk to the blockchain would need to bundle its own thin client. On mobile devices, it is far more practical for apps to talk to DNSChain.
* Thin clients that perform DNS could result in a poor user experience on mobile devices if they've been offline for a prolonged period of time. They would need to wait until the thin client synced up with the network before it could be used reliably. DNSChain, on the other hand, provides instant access to the blockchain.
- As mentioned previously, there are different kinds of thin clients, some of which provide a better user experience and security than others. It will be a while before we see high quality ones that can be used for DNS in the wild.
- Apple's iOS does not allow you to download and run servers in the background that other apps can talk to. This is an issue for SPV, which needs to always remain synced with the network.
- SPV can result in a slower user experience on mobile devices. If the device has been off for a while, users would need to wait until the thin client syncs back up with the network before before accessing online resources.
That all said, you should support thin client development as they are a very powerful and useful tool for effectively improving online security.
[Proof-of-Transition](https://blog.okturtles.com/2015/06/proof-of-transition-new-thin-client-technique-for-blockchains/) is a thin client technique that may work better on iOS.
When they *do* start popping up, they can choose whether to directly implement the [Openname Resolver Specification](https://github.com/openname/openname-specifications/blob/master/resolvers.md) or use DNSChain as "middleware" so that apps have a simple and standard interface for communicating with the blockchain.
It's important to remember that while thin clients are very important, blockchains are only as healthy as the number of full nodes there are, and full nodes can only reasonably be run on a server. DNSChain helps encourage the wider deployment of full nodes by making them accessible over a single protocol.
Useful resources on thin clients:
- :page_facing_up: __[Proof of Transition: New Thin Client Technique for Blockchains](https://blog.okturtles.com/2015/06/proof-of-transition-new-thin-client-technique-for-blockchains/)__
- :page_facing_up: __[Bitcoin wiki: Thin Client Security](https://en.bitcoin.it/wiki/Thin_Client_Security)__
- :page_facing_up: __[Various types of thin clients Namecoin is exploring](https://github.com/hlandau/ncdocs/blob/master/stateofnamecoin.md)__
- :page_facing_up: __[Namecoin blog: Lightweight Resolvers](http://blog.namecoin.org/post/109811339625/lightweight-resolvers)__
# Blockchain Domain Names and Identities
`.bit` domains and public identities are currently stored in the Namecoin network. It's very similar to the Bitcoin network, but designed for domain names.
Register domains and identities using blockchain-specific software (like `namecoind` for Namecoin's `.bit` domains). You can also register identities by using services like [Onename](https://onename.io).
All of this must currently be done using `namecoind`, a daemon that DNSChain requires running in the background to access the Namecoin network.
See the [Namecoin wiki](https://wiki.namecoin.info/index.php?title=Welcome) for more info.
See the [Namecoin wiki](https://wiki.namecoin.info/index.php?title=Welcome) for more info:
- [Registering .bit domains](https://wiki.namecoin.info/index.php?title=Register_and_Configure_.bit_Domains)
- [Registering `.bit` domains](https://wiki.namecoin.info/index.php?title=Register_and_Configure_.bit_Domains)
- [Regitering identities at Onename.io](https://onename.io)
- [Global public identities specification](https://wiki.namecoin.info/index.php?title=Identity)
- [Regitering identities at OneName.io](https://onename.io)
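
Review bot: in the sentence beginning "[Thin Clients] are [very important]", both "very important" and "arbitrary thin client techniques" link to the same Proof-of-Transition post; drop the first link or point it at a different source. In the same hunk, "before before accessing online resources" repeats a word, "Regitering identities" should read "Registering", and the service is spelled "Onename" in one line and "OneName" in another.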

@@ -12,3 +12,3 @@ # How do I run my own DNSChain Server?

1. `nodejs` (or `iojs`), and `npm` - We recommend using a package manager to install them.
1. `nodejs` (or `iojs`), and `npm` - We recommend using a package manager to install them
2. [coffee-script](https://github.com/jashkenas/coffee-script) (version 1.7.1+) - install via `npm install -g coffee-script`

@@ -126,1 +126,5 @@ 3. A supported blockchain daemon like `namecoind`

**:page_facing_up: [Guide to Setting Up DNSChain + Namecoin + PowerDNS on Debian Wheezy](setting-up-dnschain-namecoin-powerdns-server.md)**
**:page_facing_up: [Guide to Setting Up DNSChain + Namecoin + PowerDNS on Ubuntu](setting-up-dnschain-namecoin-powerdns-server_ubuntu.md)**
**:page_facing_up: [Guide to Setting Up DNSChain + Namecoin + PowerDNS on FreeBSD](setting-up-dnschain-namecoin-powerdns-server_freebsd.md)**

@@ -7,4 +7,4 @@ # How do I use DNSChain?

- [Supported blockchains](<#Blockchains>)
- [Free public DNSChain servers](<#MITMProof>)
- [Registering blockchain domains and identities](<#GPG>)
- [Free public DNSChain servers](<#Servers>)
- [Registering blockchain domains and identities](<#Registering>)
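
Review bot: the two corrected entries point at `#Servers` and `#Registering`, but the only anchor definition visible for this file is `<a name="Using">` in the next hunk header. Confirm that `<a name="Servers">` and `<a name="Registering">` exist in this document, since the targets being replaced (`#MITMProof`, `#GPG`) are anchors the README uses for `docs/What-is-it.md`.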

@@ -24,3 +24,3 @@ <a name="Using"></a>

- [http://api.dnschain.net/v1/dnschain/fingerprint](http://api.dnschain.net/v1/namecoin/fingerprint)
- [http://api.dnschain.net/v1/dnschain/fingerprint](http://api.dnschain.net/v1/dnschain/fingerprint)
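
Review bot: both the link text and the target on the fingerprint line use `http://`, so the fingerprint is fetched over a connection that cannot itself be authenticated. Add a sentence telling readers to compare the returned value with a copy obtained over another channel before trusting it.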

@@ -27,0 +27,0 @@ Query: _What is the GPG key for `id/greg` in Namecoin?_

@@ -149,4 +149,4 @@ # How-to setup a DNSChain Server

$ dig @127.0.0.1 okturtles.bit
$ curl http://127.0.0.1:8000/d/okturtles
$ curl http://127.0.0.1:8000/v1/namecoin/key/d%2Fokturtles
The first `dig` command ought to return the IP address for `okturtles.bit` and the second should return all the information associated with this domain name, including IP address, TLS fingerprint and more. If so, congratulations, everything works just fine!

@@ -60,3 +60,3 @@ # What is DNSChain?

okTurtles is working with Onename to develop [a spec](https://github.com/openname/openname-specifications/blob/master/resolvers.md) for RESTful access to blockchains. Here's what it looks like:
okTurtles is working with Onename to develop [a spec](https://github.com/okTurtles/openname-specifications/blob/resolvers/resolvers.md) for RESTful access to blockchains. Here's what it looks like:
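
Review bot: the spec link now targets the `resolvers` branch of the okTurtles fork (`okTurtles/openname-specifications/blob/resolvers/resolvers.md`), which can change or disappear after this release is published. Link to a specific commit, or say in the text that the spec is a draft on a working branch; the same applies to the "See complete details" link in the next hunk.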

@@ -82,3 +82,3 @@ https://api.example.com/v1/namecoin/key/id%2Fbob

**:page_facing_up: See complete details: [Openname Resolver Specification](https://github.com/openname/openname-specifications/blob/master/resolvers.md)**
**:page_facing_up: See complete details: [Openname Resolver Specification](https://github.com/okTurtles/openname-specifications/blob/resolvers/resolvers.md)**

@@ -85,0 +85,0 @@ <a name="Free"></a>

@@ -11,2 +11,3 @@ ###### 0.5.2 - March 11, 2015

- __Fixes:__
+ #138: Nxt resolver not working
+ #140: Prevent non-json values in Namecoin from returning "Not found"

@@ -13,0 +14,0 @@ + #141: Allow arbitrary namecoin keys, but enforce ICANN domain rules for for `d/`

{
"name": "dnschain",
"version": "0.5.2",
"version": "0.5.3",
"description": "A blockchain-based DNS + HTTPS server that fixes HTTPS security, and more!",

@@ -44,3 +44,3 @@ "homepage": "https://github.com/okTurtles/dnschain",

"express": "4.11.2",
"hiredis": "0.2.0",
"hiredis": "0.4.1",
"json-rpc2": "0.8.1",
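
Review bot: the `hiredis` pin moves from 0.2.0 to 0.4.1 in one step, and the only rationale given in this release is the changelog line "for latest iojs compat". `hiredis` is a compiled addon, so state in the changelog or the prerequisites list whether the `nodejs` installs the docs recommend still build with it, or whether the minimum supported runtime changes.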

@@ -47,0 +47,0 @@ "lodash": "3.1.0",

@@ -21,15 +21,16 @@ # DNSChain

<!-- This extra line is necessary for table to render properly. -->
| | DNSChain | X.509 PKI [with or without Certificate Transparency][ct] |
|--------------------------------------------------------------------------|--------------------|----------------------------------------------------------|
| __MITM-proof'ed [Internet connections][mitm]__ | :white_check_mark: | :x: |
| __Secure and simple [GPG key distribution][gpg]__ | :white_check_mark: | :x: |
| __MITM-proof RESTful [API to blockchain][api]__ | :white_check_mark: | :x: |
| __Free and [actually-secure][free] SSL certificates__ | :white_check_mark: | :x: |
| __Stops many [denial-of-service attacks][dos]__ | :white_check_mark: | :x: |
| __Certificate revocation [that actually works][rev]__ | :white_check_mark: | :x: |
| __DNS-based [censorship circumvention][cens]__ | :white_check_mark: | :x: |
| __Prevents [domain theft][theft] ("seizures")__ | :white_check_mark: | :x: |
| __Access blockchain [domains like `.bit`, `.p2p`, `.nxt`, `.eth`][use]__ | :white_check_mark: | :x: |
| | DNSChain | X.509 PKI with [Certificate Transparency][ct] |
|--------------------------------------------------------------------------|--------------------|-----------------------------------------------|
| __MITM-proof'ed [Internet connections][mitm]__ | :white_check_mark: | :x: |
| __Secure and simple [GPG key distribution][gpg]__ | :white_check_mark: | :x: |
| __MITM-proof RESTful [API to blockchain][api]__ | :white_check_mark: | :x: |
| __Free and [actually-secure][free] SSL certificates__ | :white_check_mark: | :x: |
| __Stops many [denial-of-service attacks][dos]__ | :white_check_mark: | :x: |
| __Certificate revocation [that actually works][rev]__ | :white_check_mark: | :x: |
| __DNS-based [censorship circumvention][cens]__ | :white_check_mark: | :x: |
| __Prevents [domain theft][theft] ("seizures")__ | :white_check_mark: | :x: |
| __Access blockchain [domains like `.bit`, `.p2p`, `.nxt`, `.eth`][use]__ | :white_check_mark: | :x: |
| __Certificate transparency (publicly auditable log of certs)__ | :white_check_mark: | :white_check_mark: ([maybe][ct]) |
[ct]: https://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/
[ct]: https://blog.okturtles.com/2015/03/certificate-transparency-on-blockchains/
[mitm]: docs/What-is-it.md#MITMProof
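
Review bot: the new last row, "Certificate transparency (publicly auditable log of certs)", sits under a column retitled "X.509 PKI with [Certificate Transparency][ct]", so a "maybe" in that cell contradicts the header. Either keep the "with or without" wording in the header or change the cell to say what is uncertain. The row's first cell is also the only one in the table without a link to a supporting section.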

@@ -45,3 +46,3 @@ [gpg]: docs/What-is-it.md#GPG

**:star: See Also: [How DNSChain Compares To Other Approaches](docs/Comparison.md)**
**:star: See Also: [Comparison](docs/Comparison.md) and [Security Model](docs/Security-Model.md)**

@@ -112,2 +113,3 @@ ## Documentation

- Let's Talk Bitcoin: [Security in Decentralized Domain Name Systems](http://letstalkbitcoin.com/blog/post/security-in-decentralized-domain-name-systems)
- ProgrammableWeb: [Can the blockchain replace ~~SSL~~ X.509?](https://www.programmableweb.com/news/can-blockchain-replace-ssl/analysis/2015/03/17)
- [An intro to DNSChain: Low-trust access to definitive data sources](http://simondlr.com/post/94988956673/an-intro-to-dnschain-low-trust-access-to)

@@ -137,2 +139,4 @@ - [How to setup a blockchain DNS server with DNSChain](docs/setting-up-dnschain-namecoin-powerdns-server.md)

- [Anton Wilhelm](https://github.com/toenu23) (Support for [Nxt](http://nxt.org) cryptocurrency)
- [Tim Uy](https://github.com/tofutim) (Ubuntu tutorial)
- [Michael Bumann](https://twitter.com/bumi) (optional CORS support)
- *Your name & link of choice here!*

@@ -144,2 +148,9 @@

###### 0.5.3 - September 5, 2015
- __New Features:__
+ Optional CORS support from [Michael Bumann](https://twitter.com/bumi) (thanks!).
- __Improvements:__
+ Bumped `hiredis` to 0.4.1 for latest iojs compat.
###### 0.5.2 - March 11, 2015
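
Review bot: the 0.5.3 entry "Optional CORS support" does not say what the default is or how the option is enabled. For a server whose API returns keys and fingerprints, the changelog or docs should state whether CORS is off unless configured and how the allowed origins are set.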

@@ -155,2 +166,3 @@

- __Fixes:__
+ #138: Nxt resolver not working
+ #140: Prevent non-json values in Namecoin from returning "Not found"

@@ -157,0 +169,0 @@ + #141: Allow arbitrary namecoin keys, but enforce ICANN domain rules for for `d/`

Sorry, the diff of this file is not supported yet
