[therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Tao Effect <contact@taoeffect.com> Sat, 14 December 2013 04:56 UTC

Return-Path: <contact@taoeffect.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 183AA1AE0D6 for <therightkey@ietfa.amsl.com>; Fri, 13 Dec 2013 20:56:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.334
X-Spam-Level:
X-Spam-Status: No, score=-1.334 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cSTZlS0D4MAP for <therightkey@ietfa.amsl.com>; Fri, 13 Dec 2013 20:56:43 -0800 (PST)
Received: from homiemail-a61.g.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207]) by ietfa.amsl.com (Postfix) with ESMTP id 1BC641ADFEE for <therightkey@ietf.org>; Fri, 13 Dec 2013 20:56:43 -0800 (PST)
Received: from homiemail-a61.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a61.g.dreamhost.com (Postfix) with ESMTP id A518257806C for <therightkey@ietf.org>; Fri, 13 Dec 2013 20:56:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h=from :content-type:subject:message-id:date:to:mime-version; s= taoeffect.com; bh=ccT60kmVBl1Ay6qAKCsP+buC47A=; b=GcFhHuKxX+p+3o kgyO9NKSBMfr7cvQ/cqUmXwEePk53sJouBm6km3PNwpZnVP7WLuwWpq9+HbvAcVp /JO926ov/+UeJhRjVXywxo9XRZ6AHRvwMCtqaGsGsFHCE3E3/9gMUQyg7DzEEOJ9 GNkbgG1WIeKMj6W/p5tU/BPXoNblw=
Received: from [192.168.2.3] (ip98-180-48-204.ga.at.cox.net [98.180.48.204]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: contact@taoeffect.com) by homiemail-a61.g.dreamhost.com (Postfix) with ESMTPSA id 2D273578059 for <therightkey@ietf.org>; Fri, 13 Dec 2013 20:56:35 -0800 (PST)
From: Tao Effect <contact@taoeffect.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_FDB14E3A-60C9-485D-88A4-4F354D075E69"; protocol="application/pgp-signature"; micalg=pgp-sha512
Message-Id: <22429D73-4EFC-4091-8F5B-BAD38968EA54@taoeffect.com>
Date: Fri, 13 Dec 2013 23:56:29 -0500
To: therightkey@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
X-Mailer: Apple Mail (2.1822)
Subject: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Dec 2013 04:56:45 -0000

Hi list,

Was referred here from another IETF-related list. Just announced a project that combines several technologies that address the security issues with TLS to "NSA-proof" the web.

Here is an excerpt from the paper (link to paper below it):

DNSNMC fixes the authentication problems previously described, and it addresses all of the problems that with the previously mentioned proposals. It does this first by combining DNS with Namecoin (NMC), and then by encouraging a “trust only those you know” policy.5

“Namecoin is an open source decentralized key/value registration and transfer system based on Bitcoin technology”.[16] Namecoin “squares Zooko’s Triangle”, meaning, it makes it possible to have domain names (and other types of identifiers) that are:

Authenticated: users can be certain that they are not speaking to an impostor

Decentralized: there is no central authority controlling all the names

Human-readable: names look just like today’s domain names

However, by itself, Namecoin does not provide the means by which ordinary users can take advantage of the features it provides. Using Namecoin is far too cumbersome for the vast majority of internet users, even those with years of computer expertise. For one, it cannot be used on mobile devices (like iPhones) in its current state because of its network requirements.

DNSNMC provides the missing “glue” to the Namecoin blockchain that makes it immediately accessible to clients of all types with zero configuration. A network administrator need only enter the IP address of a DNSNMC-compliant DNS server to instantly make the information within the blockchain accessible to all of the users that she (or he) provides internet access to. 

Paper: http://okturtles.com/other/dnsnmc_okturtles_overview.pdf

Cheers,
Greg Slepak
--
Please do not email me anything that you are not comfortable also sharing with the NSA.



--
Please do not email me anything that you are not comfortable also sharing with the NSA.


--
Please do not email me anything that you are not comfortable also sharing with the NSA.