Re: [saag] post-X509 cryptographic identities

[Henry Story <henry.story@gmail.com>]

> On 13 Feb 2020, at 20:19, Nico Williams <nico@cryptonector.com> wrote:
> 
> On Thu, Feb 13, 2020 at 07:48:18PM +0100, Henry Story wrote:
>> I think one has to take it as a ”fait accompli” that domain name
>> dilution has happened. In any case asking people to remember the
>> meaning of 2 character codes for country names globally would have
>> required a huge investment in teacher training, child training etc… to
>> accomplish.  Most Europeans have trouble remembering where US states
>> are located even though it is taught in final years around the age of
>> 17-18. Most US citizens have trouble remembering all the states of
>> Europe, even though many had ancestors the immigrated from here.
> 
> That's a misconception, that peole need to know country codes.  Or that
> we need anything like geopolitical hierarchy in the DNS, except for the
> purposes of registration and dispute resolution, which requires
> namespaces with registries, registrars, and sovereign jurisdictions, but
> not much more.
> 
>> That is not the way to do things. Instead lets accept that choosing
>> domain names is taken over by marketing folks, that poor countries are
> 
> Yes.
> 
>> selling their domains to make much needed money, etc… Furthermore the
>> only way to get rid of domain name squatters is to make their business
>> irrelevant by just adding new domain names.
>> 
>> Instead one should lead the Sovereigns to enter into the web by providing
>> data in machine readable format, about the companies and web sites that
>> wish to tie themselves to those legal institutions, the benefits of
>> which are not to be underestimated: you only need to live some time in
>> lawless zones, from squats onwards to understand how helpful the law
>> is.  This can be done in a purely opt in basis, though it would
>> require some conventions to be agreed upon, and the basic naming
>> infrastructure to work securely.
> 
> We have this now.
> 
> You might propose tweaking governance.  You might propose all sorts of
> things, but some will be easier to pull off than others.

This official data is being put together in machine readable format
such as JSON-LD, under umbrella projects going under the name of ”Open Data”. 

> 
>> Btw. one of the reasons why the system worked for so long, is that initially
>> the web of trust on which domain names and URIs built was built up
>> in a peer to peer manner by people linking pages. Those pages that got
>> the most links rose to the top in search engines that started using that
>> information (At AltaVista we did not know how to do it).
> 
> Yes, the search engines function as a sort of registry.

One that depends on the correctness of the information published,
even if only statistically. 

> 
>> Now that undermining the system of links through bots has a lot of 
>> value, that architecture no longer works. One actually now needs the
>> systems that have evolved to deal with law and law breakers, which
>> are called states, and which exist in diplomatic/anarchic relations
>> with one another.
> 
> Yes.  But would any alternative look that different to the current DNS?
> I am very skeptical.

As I see it, the problems is not at the naming layer
at which DNS is located where the problem is that of attaching a name 
to an IP Address. Whatever system is used - bare ipv6-addresses, 
namecoins, onion domains,… - all these  only give a way to identify 
agencies in charge of machines. What is important is knowing what
agencies those are!

What is needed is rich information that ties these ”publication machines” 
to machine readable official information about those entities.  This info
exists: states put that together to gather taxes, provide services, base legal enforcement on it, … 

The web site could link to such official machine readable information
by using a ”registry” Link relation in an http header.

I have illustrated this on my web site 

$ curl -I https://co-operating.systems/
HTTP/1.1 200 OK
Date: Thu, 13 Feb 2020 20:08:05 GMT
Server: Apache/2.4.38 (Debian)
Last-Modified: Thu, 16 Jan 2020 21:48:01 GMT
ETag: "22d6-59c48c7766109"
Accept-Ranges: bytes
Content-Length: 8918
Vary: Accept-Encoding
Link: <https://api.companieshouse.gov.uk/company/09920845>; rel="registry"
Content-Type: text/html


The data one can get by following that link, is the following
(though for some reason the machine readable version of the public
information is currently protected by a api token)

$ curl -u token https://api.companieshouse.gov.uk/company/09920845
{
  "registered_office_address": {
    "locality": "London",
    "address_line_1": "2, Harlequin Court",
    "address_line_2": "6 Thomas More Street",
    "country": "United Kingdom",
    "postal_code": "E1W 1AR"
  },
  "undeliverable_registered_office_address": false,
  "has_insolvency_history": false,
  "company_number": "09920845",
  "jurisdiction": "england-wales",
  "company_status": "active",
  "has_charges": false,
  "type": "ltd",
  "company_name": "CO-OPERATING SYSTEMS LTD.",
  "date_of_creation": "2015-12-17",
  "domain": ["co-operating.systems","www.co-operating.systems"], 
  "accounts": {
    "next_due": "2018-09-30",
    "accounting_reference_date": {
      "day": "31",
      "month": "12"
    },
    "last_accounts": {
      "period_start_on": "2015-12-17",
      "made_up_to": "2016-12-31",
      "period_end_on": "2016-12-31",
      "type": "dormant"
    },
...,
}


Notice the ”domain” attributes, which provides a link back, in
order to allow the web agent to verify that the json-ld record above
is indeed information about that web site, and not some other.

How does the agent know https://api.companieshouse.gov.uk is
an official web site? Well the same game is played once more
creating a chain of trust up to a Web of Nations linking to
the browser users trust anchor. For a US citizen that could
be gov.us 

I summaries this in 2 pages here:

https://co-operating.systems/2019/07/29/Web_of_Nations.proposal.pdf

Technically this is pretty simple. Most of the standards to 
do this exist. Some ontologies would need to be developed and
agreed upon.

> 
> Nico

> --