Interesting People mailing list archives

RE: more on Breaking America's grip on the net

From: "David Farber" <dave () farber net>
Date: Sun, 9 Oct 2005 13:27:49 -0500

_______________ Forward Header _______________
Subject:        RE: [IP] more on Breaking America's grip on the net
Author: Christian Huitema <huitema () windows microsoft com>
Date:           9th October 2005 9:34:34 am

Russell Nelson describes how P2P systems could resolve names like "example.com" without relying on any centralized 
database. That is true, but there is the little problem of security. How can we stop the wrong guys from pretending to 
be "example.com" as well? So far, there are few solutions.

One way to ensure "safe peer-to-peer naming" is to publish names that are self-verifying, e.g. hashes of the public key 
of the publisher. After resolving the name, it is easy to verify that the other end is the right one. The problem is 
that, instead of names like "example.com", you get names like "12AE-B456-CD78-9F03". There are applications where that 
works, but they clearly belong to the category of "finding back someone you already know".

Another way is to publish something like "example.com", and to  use some kind of X.509 certificate to verify the 
address after resolution. The problem there is that one needs to rely on a small set of  "well known certification 
authorities" to sign the certificate. So, one essentially moves the problem of name ownership from registration in a 
top-level-domain database to registration in a certificate authority's data base. If one wants differentiated controls, 
e.g. different authorities for ".com" and ".fr", then one needs to publish the equivalent of a root file, the list of 
certification authorities that are associated with various top-level domains. 

I personally believe that a peer-to-peer system would be better than the current hierarchical design. It may be 
potentially more robust, although teething problems are likely to be interesting. It cannot entirely do away with 
hierarchies and authorities if we want both "friendly names" and "security". But it does allow for some 
decentralization, and it certainly does away with the fears of "censorship at the root" or "censorship at the top".

-- Christian Huitema

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Current thread:

RE: more on Breaking America's grip on the net David Farber (Oct 09)
- <Possible follow-ups>
- more on Breaking America's grip on the net David Farber (Oct 10)
- more on Breaking America's grip on the net David Farber (Oct 13)
- more on Breaking America's grip on the net Dave Farber (Oct 14)