Interesting People mailing list archives
RE: more on Breaking America's grip on the net
From: "David Farber" <dave () farber net>
Date: Sun, 9 Oct 2005 13:27:49 -0500
_______________ Forward Header _______________
Subject: RE: [IP] more on Breaking America's grip on the net
Author: Christian Huitema <huitema () windows microsoft com>
Date: 9th October 2005 9:34:34 am

Russell Nelson describes how P2P systems could resolve names like "example.com" without relying on any centralized database. That is true, but there is the little problem of security. How can we stop the wrong guys from pretending to be "example.com" as well? So far, there are few solutions.

One way to ensure "safe peer-to-peer naming" is to publish names that are self-verifying, e.g. hashes of the public key of the publisher. After resolving the name, it is easy to verify that the other end is the right one. The problem is that, instead of names like "example.com", you get names like "12AE-B456-CD78-9F03". There are applications where that works, but they clearly belong to the category of "finding back someone you already know".

Another way is to publish something like "example.com", and to use some kind of X.509 certificate to verify the address after resolution. The problem there is that one needs to rely on a small set of "well known certification authorities" to sign the certificate. So, one essentially moves the problem of name ownership from registration in a top-level-domain database to registration in a certificate authority's data base. If one wants differentiated controls, e.g. different authorities for ".com" and ".fr", then one needs to publish the equivalent of a root file, the list of certification authorities that are associated with various top-level domains.

I personally believe that a peer-to-peer system would be better than the current hierarchical design. It may be potentially more robust, although teething problems are likely to be interesting. It cannot entirely do away with hierarchies and authorities if we want both "friendly names" and "security". But it does allow for some decentralization, and it certainly does away with the fears of "censorship at the root" or "censorship at the top".

-- Christian Huitema
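The self-verifying names described in the message above, sketched as an added example that is not part of the original message or of any system it mentions. SHA-256, the 64-bit truncation (chosen to match the shape of "12AE-B456-CD78-9F03"), the function names and the byte strings standing in for public keys are all assumptions.

```python
import hashlib
import hmac

# Assumption: 8 hash bytes (64 bits), giving four groups of four hex digits.
# A deployed system would keep far more of the hash to resist collisions.
NAME_BYTES = 8
HEX_DIGITS = set("0123456789ABCDEF")


def _key_hash(public_key: bytes) -> bytes:
    """Truncated SHA-256 of the encoded public key (hash choice is an assumption)."""
    return hashlib.sha256(public_key).digest()[:NAME_BYTES]


def self_verifying_name(public_key: bytes) -> str:
    """Name the publisher announces: grouped hex of the hash of its public key."""
    hexed = _key_hash(public_key).hex().upper()
    return "-".join(hexed[i:i + 4] for i in range(0, len(hexed), 4))


def parse_name(name: str) -> bytes:
    """Turn a name back into hash bytes, rejecting anything malformed."""
    groups = name.strip().upper().split("-")
    if len(groups) != NAME_BYTES // 2:
        raise ValueError("wrong number of groups in name")
    for group in groups:
        if len(group) != 4 or not set(group) <= HEX_DIGITS:
            raise ValueError("malformed group in name: %r" % group)
    return bytes.fromhex("".join(groups))


def peer_matches_name(name: str, presented_key: bytes) -> bool:
    """After resolution, check that the key the peer presents hashes to the name.

    This binds the name to a key only. The peer must still prove it holds the
    matching private key (for example by signing a fresh challenge), which is
    outside this sketch.
    """
    return hmac.compare_digest(parse_name(name), _key_hash(presented_key))


# Constructed stand-ins for encoded public keys (not real key material).
PUBLISHER_KEY = b"constructed-publisher-public-key"
IMPOSTOR_KEY = b"constructed-impostor-public-key"

if __name__ == "__main__":
    name = self_verifying_name(PUBLISHER_KEY)
    print(name, peer_matches_name(name, PUBLISHER_KEY),
          peer_matches_name(name, IMPOSTOR_KEY))
```

No registry or certification authority is consulted in the check, which is the property the message attributes to this kind of name; the cost is that the name carries no human meaning.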