RE: [IP] more on Breaking America's grip on the net
_______________ Forward Header _______________
Subject: RE: [IP] more on Breaking America's grip on the net
Author: Christian Huitema <huitema@xxxxxxxxxxxxxxxxxxxxx>
Date: 9th October 2005 9:34:34 am

Russell Nelson describes how P2P systems could resolve names like "example.com"
without relying on any centralized database. That is true, but there is the
little problem of security. How can we stop the wrong guys from pretending to
be "example.com" as well? So far, there are few solutions.

One way to ensure "safe peer-to-peer naming" is to publish names that are
self-verifying, e.g. hashes of the public key of the publisher. After resolving
the name, it is easy to verify that the other end is the right one. The problem
is that, instead of names like "example.com", you get names like
"12AE-B456-CD78-9F03". There are applications where that works, but they
clearly belong to the category of "finding back someone you already know".

Another way is to publish something like "example.com", and to use some kind
of X.509 certificate to verify the address after resolution. The problem there
is that one needs to rely on a small set of "well known certification
authorities" to sign the certificate. So, one essentially moves the problem of
name ownership from registration in a top-level-domain database to registration
in a certificate authority's database. If one wants differentiated controls,
e.g. different authorities for ".com" and ".fr", then one needs to publish the
equivalent of a root file, the list of certification authorities that are
associated with various top-level domains.

I personally believe that a peer-to-peer system would be better than the
current hierarchical design. It may be potentially more robust, although
teething problems are likely to be interesting. It cannot entirely do away with
hierarchies and authorities if we want both "friendly names" and "security".
But it does allow for some decentralization, and it certainly does away with
the fears of "censorship at the root" or "censorship at the top".
-- Christian Huitema
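
The self-verifying names described in the message above, as an added example that is not part of the original post: a name is derived from a hash of the publisher's public key, and a resolver checks every answer from untrusted peers against the name it looked up. The choice of SHA-256, the 64-bit truncation (matching the 16 hex digits of "12AE-B456-CD78-9F03"), the function names and the sample keys and addresses are assumptions made for illustration.

```python
import hashlib
import hmac

NAME_BITS = 64  # assumption: 16 hex digits, the length of "12AE-B456-CD78-9F03"


def name_from_key(public_key: bytes) -> str:
    """Derive a self-verifying name: truncated SHA-256 of the public key."""
    digest = hashlib.sha256(public_key).hexdigest().upper()[: NAME_BITS // 4]
    return "-".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def key_matches_name(name: str, public_key: bytes) -> bool:
    """True only if the presented key hashes to the name that was looked up."""
    normalized = name.strip().upper()
    return hmac.compare_digest(normalized.encode(), name_from_key(public_key).encode())


def resolve(name: str, answers: list[dict]) -> list[str]:
    """Keep only the addresses whose advertised key is bound to the name.

    `answers` models what untrusted peers return for a lookup: anyone can
    answer, so each record is checked locally instead of trusting its source.
    """
    return [a["address"] for a in answers if key_matches_name(name, a["public_key"])]


# Constructed sample data: byte strings standing in for encoded public keys.
PUBLISHER_KEY = b"constructed-sample-public-key-of-publisher"
IMPOSTOR_KEY = b"constructed-sample-public-key-of-impostor"
PUBLISHED_NAME = name_from_key(PUBLISHER_KEY)

SAMPLE_ANSWERS = [
    {"address": "192.0.2.10", "public_key": PUBLISHER_KEY},
    {"address": "198.51.100.66", "public_key": IMPOSTOR_KEY},  # claims the same name
]

if __name__ == "__main__":
    print("name:", PUBLISHED_NAME)
    print("accepted:", resolve(PUBLISHED_NAME, SAMPLE_ANSWERS))
```

The check only binds a key to the name; the peer still has to prove it holds the matching private key (for example by signing a fresh challenge) before the connection is trusted.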