Blockchain as Root-CA for human-readable .onion domains

The .onion domain has been officially approved as a special domain by the IETF. :)

Onion domains are decentralized and secure inside the TOR network, but not human-meaningful. Human brains have problems to remind and assign them to services. This problem is called Zooko's triangle. (https://en.wikipedia.org/wiki/Zooko's_triangle) The scandals in the last three years with certificate authorities issuing not-validated certificates and intermediate-certificates or being hacked have shown certificate authorities are not reliable which breaks security of SSL/TLS.

The Namecoin project project has proven it's possible to solve Zooko's triangle using a blockchain as distributed database to assign globally-unique self-registered IDs of any format to an asymmetric key-pair of a blockchain wallet. (https://wiki.namecoin.org/index.php?title=Identity)

So I suggest to use a blockchain as Root-CA.

How it can work:

Registering name/creating certificates:

1. User uses the TOR-client to create and save (e.g. paper-wallet) an asymmetric wallet key-pair.
2. User uses the TOR-client to send a registration request for the tuple : to the blockchain network
3. The nodes in the blockchain-network confirm the registration request
4. User uses the TOR-client to create X.509 server-certificates with the Common Name '.onion' signed with the of the blockchain wallet
5. TOR client uses the triple :: from the X.509-certificate to register a hidden-service

Root-CA-lookup:

1. The TOR-client can use an overlay-filesystem to present the tuple : from the blockchain as X.509-root-certificate files in the SSL root-certificate-directory of the operating system (e.g. /etc/ssl/certs on Linux).

2. Authentication applications (e.g. TLS/SSL) find the virtual X.509 root-certficates in the filesystem like any other x.509-certificate.

Trac:
Username: renne