Discuss mailing list

[Rouben <rouben AT rouben.net>]

I wonder if there's an API for Chrome (KHTML) and Firefox (Mozilla) engines to:

- override DNS or proxy (less desirable) settings - this would enable lookups of non-OpenNIC domains normally, and OpenNIC domains through predetermined DNS servers, or perhaps a web API (don't know if DNS lookups are possible from within Chrome/KHTML/Firefox/Mozilla API sandbox)?

- inject root CAs into the browser - again, not sure if that's doable at all with any API

So the above two are requirements to do a "proper" or "native" implementation of OpenNIC content access. Another way to do it, would be to leverage a proxy like http://proxy.opennicproject.org/ - proxy in a bottle so to speak.

Third option is to publish our own distribution of a web browser, like the Onion Browser project, but that's a bit extreme... unless perhaps we can convince the Tor project to modify their browser to use OpenNIC DNS by default?

Rouben

On Fri, Sep 29, 2017 at 9:42 PM, Dustin Souers <texnofobix AT gmail.com> wrote:

Yes they require valid ICANN.

I was experimenting with modifying the Let's Encrypt Boulder server, but OpenNIC users would have to trust a OpenNIC CA.

On Tue, Sep 26, 2017 at 11:47 AM, Amrit Panesar <neo AT 4195tech.com> wrote:

A long, long, time ago, in a thread, far, far, away,

I recall discussions about using CAcert

http://www.cacert.org/

but I can't recall if they require an ICANN FQDN.

has anyone tried recently?

On Tue, Sep 26, 2017 at 5:08 AM, Al Beano <albino AT autistici.org> wrote:

It's definitely a step forward, but there are a couple of issues that, imo, mean we shouldn't promote it as an alternative to just changing your DNS settings:

* The resolvers are run by an unknown party and we have no idea whether they are trustworthy — at least with OpenNIC T2s there is some level of accountability
* HTTPS doesn't work. Even TOFU TLS is better than nothing, and we're moving towards a real CA, so this is important.

Maybe we could solve these issues, but I think new/fixed windows/Mac apps would be a better idea still.

albino

On 26 September 2017 11:57:49 BST, Jonah Aragon <jonah AT triplebit.net> wrote:
>Wow nice!
>
>I’ll test that this afternoon and add it to the wiki if nobody else
>does.
>Anyone should be able to edit that site though.
>
>Jonah
>
>On Mon, Sep 25, 2017 at 11:53 PM Dmitry S. Nikolaev <dn AT mega-net.ru>
>wrote:
>
>> Yes, you right.
>>
>> At this note discussion of the browser exten stopped and new (about
>CA)
>> started at tlsca-wg AT lists.opennicproject.org
>>
>> If we will continue to talk about browser exten than
>> https://blockchain-dns.info/ added support of OpenNIC TLDs already:
>>
>> >https://github.com/B-DNS/Chrome/issues/3
>>
>> and after:
>>
>> 1.0.6 (2017-09-18)
>>
>> Add support for OpenNIC TLDs <https://wiki.opennic.org/opennic/dot>
>(.bbs
>> and others)
>>
>> But there is no info at wiki.opennic.org about it yet.
>>
>> With best regards, Dmitry S. Nikolaev
>> virus_net
>>
>> On 26.09.2017 05:16, rouben AT rouben.net wrote:
>>
>> 0. Browser extension is a brilliant idea, but SSL/TLS is an issue.
>>
>>
>>
>> --------
>> You are a member of the OpenNIC Discuss list.
>> You may unsubscribe by emailing
>> discuss-unsubscribe AT lists.opennicproject.org
>>
>
>
>------------------------------------------------------------------------

>
>
>
>--------
>You are a member of the OpenNIC Discuss list.
>You may unsubscribe by emailing
>discuss-unsubscribe AT lists.opennicproject.org

--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

--

Amrit Panesar

http://amrit.be

--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org