Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Tao Effect <contact@taoeffect.com> Mon, 16 December 2013 01:50 UTC


> And for someone who is accusing others of being 'fraudulent', not a good move to start off repeating figures already exposed as bogus like the oft repeated but still untrue claim of 600 CAs.

I thought the EFF was a reputable source.

There has been no update or correction to their post: https://www.eff.org/deeplinks/2011/10/how-secure-https-today

If this information is incorrect please provide a link with more details. If the EFF is wrong about this, then I'll make sure to update the paper.

> Tying the notary log to namecoin seems to be completely pointless to me, unless the real objective is to promote namecoin. Why hook into namecoin rather than the market leader? 


What market leader?

> Given the success of the US government in shutting down eGold type schemes I am very skeptical about the stability of 'namecoin'. If we accept the purported scenarios that motivate the scheme then namecoin won't last very long.

What eGold scheme are you comparing Namecoin to?

Are you sure you know what you're talking about here...? ;-)

Cheers,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Dec 14, 2013, at 12:51 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> "The first project, DNSNMC, deprecates today's insecure and fraudulent1 public key infrastructure (PKI) by gracefully transitioning DNS from its hierarchical design, to one that is based on a globally distributed, peer-to-peer network that successfully "squares Zooko's triangle""
> 
> I think you have lost me already. If you want to get anywhere with a proposal probably not a good idea to accuse the people who might implement it as being 'fraudulent'.
> 
> 
> "We use the term “meaningful security” to refer to the security provided by protocols that employ all of these features for communication between individuals."
> 
> Have you paused to consider the reasons why the market has not adopted the security mechanisms that embody those principles to date? Designing a spec that provides more security if used is trivial. The hard part is proposing something that is secure and usable.
> 
> 
> And for someone who is accusing others of being 'fraudulent', not a good move to start off repeating figures already exposed as bogus like the oft repeated but still untrue claim of 600 CAs.
> 
> Tying the notary log to namecoin seems to be completely pointless to me, unless the real objective is to promote namecoin. Why hook into namecoin rather than the market leader? 
> 
> 
> Given the success of the US government in shutting down eGold type schemes I am very skeptical about the stability of 'namecoin'. If we accept the purported scenarios that motivate the scheme then namecoin won't last very long.
> 
> The fact that BitCoin has survived this long is rather surprising. We have already seen a huge robbery of over $200 million in bitcoin (from a drug dealer). And now we have people trying to de-anonymize the system to stop the coins being spent (!)
> 
> When the feds moved on the e-Gold crowd they started off by rolling up the small guys and created a crisis of confidence in the big ones. What would be the effect on the price of Bitcoin if the feds shut down namecoin using the same tactics they used against mega-upload? I don't think it would take much to start a run. 