> Is it not possible to just provide dns resolution and cert pinning via the blockchain, and avoid having to deal with anything HTTP related? Seems overly specific to HTTP for no good reason.
Might be misunderstanding you, but DNSChain is providing DNS resolution and "cert pinning" via the blockchain (the certs in the blockchain can be trusted pretty much as though they were pinned).
The HTTP aspect of it is so that arbitrary applications can provide user-friendly MITM-proofed communication.
In terms of securing communications, DNS is irrelevant. You can spoof DNS IPs all you want, but what ultimately secures the connection is the certificate that you receive, and that's queried over TLS/HTTPS.
Ah, ok, the HTTP proxy thing is just there for ease of use. That seems reasonable then. Pity it has to use a blockchain approach, but scalable cert pinning might just be worth it.
What are you referring to?
> Is it not possible to just provide dns resolution and cert pinning via the blockchain, and avoid having to deal with anything HTTP related? Seems overly specific to HTTP for no good reason.
Might be misunderstanding you, but DNSChain is providing DNS resolution and "cert pinning" via the blockchain (the certs in the blockchain can be trusted pretty much as though they were pinned).
The HTTP aspect of it is so that arbitrary applications can provide user-friendly MITM-proofed communication.
In terms of securing communications, DNS is irrelevant. You can spoof DNS IPs all you want, but what ultimately secures the connection is the certificate that you receive, and that's queried over TLS/HTTPS.