Can blockchain be used to improve the security of an operating system?


//cc @JeremyRand

writing software package signatures and/or package repository signatures on the blockchain so history of who signed what cannot be completely rewritten

Definitely check out OpenTimestamps. Developed by Peter Todd, who has an excellent reputation. It’s particularly useful for timestamping package signatures and/or Git signatures. One example use case of doing so is that if a key later gets revoked, you can still verify signatures made with that key prior to the revocation.

OpenTimestamps differs from Namecoin in that while they both can be used for timestamping, OpenTimestamps scales much better (by only putting a Merkle commitment to many timestamps into the blockchain) but does not provide exclusivity proofs like Namecoin does (because Merkle commitments are not compatible with exclusivity proofs). As a result, OpenTimestamps is not usable for certain use cases such as DNS-like things, but for the things it is usable for (e.g. Git/package signatures), it will work much better (less data to transfer, and lower cost) than Namecoin.

login manager login using access controls written on a blockchain (which might be more of a corporate feature)

Similar concept to the OpenID-based NameID PoC that Daniel Kraft made for Namecoin about a decade ago. Probably would not be hard to implement a login manager using Namecoin, but as you allude to, I suspect only a relatively small target audience (e.g. a corporate audience) would want it, and many of those audiences probably already have a trusted 3rd party that could be used instead (e.g. the HR department of a corporation). Generally speaking, if you already have a trusted 3rd party, adding a blockchain to the mix will just introduce a bunch of extra attack surface for little to no security gain, which is probably why no one implemented this use case for Namecoin yet.

more secure DNS

Also note that DNS is sometimes used for PKI purposes (e.g. TLSA and SSHFP records), and Namecoin can therefore be used for this too (but isn’t vulnerable to attack by DNS registrars/registries/ICANN like the DNS is).

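The Merkle-commitment point in the reply above, as an added example that is not part of the original post and not OpenTimestamps code: a simplified SHA-256 Merkle tree (not the OpenTimestamps proof format) commits many signature digests to one 32-byte root, and two conflicting entries both verify against it, which is why inclusion proofs give no exclusivity. All names and sample values are constructed for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build(leaves):
    """Return (root, proofs); proofs[i] is a list of (sibling_hash, sibling_is_left)."""
    level = [h(b"\x00" + leaf) for leaf in leaves]  # 0x00 prefix marks leaf hashes
    index = list(range(len(leaves)))                # each leaf's ancestor position
    proofs = [[] for _ in leaves]
    while len(level) > 1:
        for i, pos in enumerate(index):
            sib = pos ^ 1
            if sib < len(level):                    # unpaired last node has no sibling
                proofs[i].append((level[sib], sib < pos))
            index[i] = pos // 2
        # 0x01 prefix marks interior nodes; an unpaired node is promoted unchanged
        level = [h(b"\x01" + level[j] + level[j + 1]) if j + 1 < len(level) else level[j]
                 for j in range(0, len(level), 2)]
    return level[0], proofs

def verify(leaf, proof, root):
    """Recompute the path from a leaf to the root using its sibling hashes."""
    node = h(b"\x00" + leaf)
    for sibling, is_left in proof:
        node = h(b"\x01" + (sibling + node if is_left else node + sibling))
    return node == root

def demo():
    # Constructed sample data: digests of five package signatures, plus two
    # conflicting claims on the same name (hypothetical record format).
    sigs = [h(b"constructed signature for pkg-%d" % n) for n in range(5)]
    claims = [b"name=example;owner=alice", b"name=example;owner=mallory"]
    leaves = sigs + claims
    root, proofs = build(leaves)  # only `root` would need to be anchored on chain
    return {
        "root_len": len(root),
        "all_included": all(verify(l, p, root) for l, p in zip(leaves, proofs)),
        "max_proof_steps": max(len(p) for p in proofs),
        "forged_rejected": not verify(b"never committed", proofs[0], root),
        # Both conflicting claims verify: inclusion says nothing about exclusivity.
        "both_claims_verify": verify(claims[0], proofs[5], root)
                              and verify(claims[1], proofs[6], root),
    }

if __name__ == "__main__":
    print(demo())
```

A verifier holding only the root and one proof cannot tell that a conflicting leaf was also committed, so this construction suits timestamping signatures but not name ownership.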