Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Ben Laurie <benl@google.com> Sat, 14 December 2013 19:12 UTC

Return-Path: <benl@google.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C40A31AE170 for <therightkey@ietfa.amsl.com>; Sat, 14 Dec 2013 11:12:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.38
X-Spam-Level:
X-Spam-Status: No, score=-1.38 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1_yNY-uKHZhj for <therightkey@ietfa.amsl.com>; Sat, 14 Dec 2013 11:12:26 -0800 (PST)
Received: from mail-vb0-x234.google.com (mail-vb0-x234.google.com [IPv6:2607:f8b0:400c:c02::234]) by ietfa.amsl.com (Postfix) with ESMTP id D16771ADBCB for <therightkey@ietf.org>; Sat, 14 Dec 2013 11:12:21 -0800 (PST)
Received: by mail-vb0-f52.google.com with SMTP id p5so2195787vbn.11 for <therightkey@ietf.org>; Sat, 14 Dec 2013 11:12:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=GqCsa/E7yc8mfNYkFJVFrX5S5KXB8TYgn98017M7Cc8=; b=GGw9Yfched8XpV4fjGvDKEe6vmcBLeW8bxqBxEk7F/Z3J3+4wX5AjRJDc6Xg+SGO8J x6JBUqY1rBMsHttpPg/ZnPqTHzcQiSB2bygeVGSV4UtHNxlVTmTU5i09uZ0YaJ8B/MiA rriGXkbGdLbPSRyxOK7yUf0Je7UkZxnnbufkx9gqjVmqAh2qxy89gLxj0KzRS7r8IAiQ sHY+F8VGTGd3mkYDLmgy2LvGX2MnqV4ddXGWFMa7uV8RjPqTsjWJVPENlWZNSz+kpZZb tfZahb6OfNM80A4yXHKmYLJ1y8EoR8cL9DsGWCERhBoq4AGE6tTn/YfYnRAwtTHhKZpr Firw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=GqCsa/E7yc8mfNYkFJVFrX5S5KXB8TYgn98017M7Cc8=; b=Ie2Yd/CgjBCvQBQMnWqbwAVuaY5liFovc1lAYT6wVf5P7kAPj/qzQk86/2eSFXRqsT 4zVtCZ2ipNv7qQ+4+b3zkId8i5m1ZyeFG1I3+sl72hL+e9QMWXV/ns1WgTgvi7RYgLKb V3zK36sSgHSJxeCpYD9vSJvZoHeR2scC6X/KAdTQaP0auFIpTGXepVkNA0ljXl3E0byO MXCpdUVZzQN8G9evunTovAgikUgTJBUPXQ7bdWaMmrsKTLV3uRA69KcElwloMS5XBUK+ Gq34CKB0b5jziM+5iWZ4k8BvBNVMuEW0WawZfcjXINPK9839o6EL7Q35wWc7l3lqIMNN VJqw==
X-Gm-Message-State: ALoCoQlVjdNa7WMOxpoQYcNBXOZnOeWc1DaTkCszDFu6FsvuAM0PhBnaSuHQKWVGXkuMjCxAgc3kmTPN+05hnPaY4mxoHjgHTlmj+Cq03bRmNchmbYGqED62O4j4lcYgdp0GM28jYDpiokI409DH4sg+8uSF+dPFhWtEXfG+8qg5OIXiyfrVvZOY77gxDdA7v9NFrxRUTtn7
MIME-Version: 1.0
X-Received: by 10.58.95.97 with SMTP id dj1mr4620052veb.21.1387048334623; Sat, 14 Dec 2013 11:12:14 -0800 (PST)
Received: by 10.52.183.65 with HTTP; Sat, 14 Dec 2013 11:12:14 -0800 (PST)
In-Reply-To: <22429D73-4EFC-4091-8F5B-BAD38968EA54@taoeffect.com>
References: <22429D73-4EFC-4091-8F5B-BAD38968EA54@taoeffect.com>
Date: Sat, 14 Dec 2013 19:12:14 +0000
Message-ID: <CABrd9SQebG0+DpnD0GXD8nOXa2FSSKp8LLbBO+q1PxAEJ6dQcw@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Tao Effect <contact@taoeffect.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Dec 2013 19:12:30 -0000
X-List-Received-Date: Sat, 14 Dec 2013 19:12:30 -0000

On 14 December 2013 04:56, Tao Effect <contact@taoeffect.com> wrote:
> Hi list,
>
> Was referred here from another IETF-related list. Just announced a project
> that combines several technologies that address the security issues with TLS
> to "NSA-proof" the web.
>
> Here is an excerpt from the paper (link to paper below it):
>
> DNSNMC fixes the authentication problems previously described, and it
> addresses all of the problems that with the previously mentioned proposals.
> It does this first by combining DNS with Namecoin (NMC), and then by
> encouraging a “trust only those you know” policy.5
>
> “Namecoin is an open source decentralized key/value registration and
> transfer system based on Bitcoin technology”.[16] Namecoin “squares Zooko’s
> Triangle”, meaning, it makes it possible to have domain names (and other
> types of identifiers) that are:
>
> Authenticated: users can be certain that they are not speaking to an
> impostor
>
> Decentralized: there is no central authority controlling all the names

If it is based on bitcoin, that is untrue. Or even if not. See
http://www.links.org/files/decentralised-currencies.pdf.

> Human-readable: names look just like today’s domain names
>
> However, by itself, Namecoin does not provide the means by which ordinary
> users can take advantage of the features it provides. Using Namecoin is far
> too cumbersome for the vast majority of internet users, even those with
> years of computer expertise. For one, it cannot be used on mobile devices
> (like iPhones) in its current state because of its network requirements.
>
> DNSNMC provides the missing “glue” to the Namecoin blockchain that makes it
> immediately accessible to clients of all types with zero configuration. A
> network administrator need only enter the IP address of a DNSNMC-compliant
> DNS server to instantly make the information within the blockchain
> accessible to all of the users that she (or he) provides internet access to.
>
> Paper: http://okturtles.com/other/dnsnmc_okturtles_overview.pdf
>
> Cheers,
> Greg Slepak
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
>
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
>
> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey
>