Re: [therightkey] Transitioning the web to Namecoin/DNSNMC by addressing name-squatters

Tao Effect <contact@taoeffect.com> Sun, 22 December 2013 02:46 UTC

On Dec 21, 2013, at 9:12 PM, Seth Schoen <schoen@eff.org> wrote:

> Sovereign Keys (which has similar aims to Namecoin) has a similar
> mechanism to this, and for the same reasons.

Nice! :-)

Correct me if I'm wrong though, but from what I remember when I researched Sovereign Keys, that system still preserves today's CAs, is that correct?

In other words, people still have to pay money every year to random third parties to keep themselves secure?

Is that correct?

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Dec 21, 2013, at 9:12 PM, Seth Schoen <schoen@eff.org> wrote:

> Tao Effect writes:
> 
>> namecoind must be modified to give existing TLDs special treatment in a way that paves the way for a smooth transition from today's DNS to a Namecoin-based DNS like DNSNMC.
>> 
>> New namespaces will be created for each of today's TLDs, and only the owners of those domains (in the deprecated, old DNS system) can register them. For example, only the owners of apple.com can register com/apple, etc. Proof of ownership is done by special NMC DNS records that contain the owner's cryptographic signature/fingerprint. When Namecoin clients receive a notification that someone wants to register a domain in the com namespace, they check the JSON request to verify that it was signed by the same signature that appears in the old DNS records. If they match, the registration request is accepted and added to their local blockchain. If it does not match, the request is discarded. Similarly, the namecoin client itself will perform this check locally before sending out the request to other peers (to provide instant feedback to users attempting to register something that doesn't belong to them).
>> 
>> Thoughts?
> 
> Sovereign Keys (which has similar aims to Namecoin) has a similar
> mechanism to this, and for the same reasons.  The SK idea is that an
> initial registration of a name in SK should include cryptographic
> proof of ownership of the name according to the conventional Internet
> naming systems (via a cryptographic binding to PKIX or DNSSEC).
> 
> "Claiming a key for a name requires evidence of control in the DNS
> (either a CA-signed certificate or a key published by DANE DNSSEC)."
> 
> https://git.eff.org/?p=sovereign-keys.git;a=blob;f=sovereign-key-design.txt;hb=master
> 
> -- 
> Seth Schoen  <schoen@eff.org>
> Senior Staff Technologist                       https://www.eff.org/
> Electronic Frontier Foundation                  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
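
The check described in the quoted proposal (a registration in a legacy-TLD namespace is accepted only when it is signed by the key published in the old DNS records), sketched as an added example that is not part of the original thread and is not namecoind code. The request fields, the choice of Ed25519, the SHA-256 fingerprint format, and the `legacy` map standing in for a lookup of the old DNS record are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"strings"
)

// Request is a hypothetical registration message (the post names no fields).
type Request struct {
	Name        string // e.g. "com/apple"
	PubKey, Sig []byte // assumed Ed25519 key and signature over Name (base64 in JSON)
}

// legacyDomain maps "com/apple" to "apple.com"; labels containing "." or "/" are rejected.
func legacyDomain(name string) (string, bool) {
	tld, label, ok := strings.Cut(name, "/")
	return label + "." + tld, ok && tld != "" && label != "" && !strings.ContainsAny(label, "./")
}

func fingerprint(pub []byte) string { return fmt.Sprintf("%x", sha256.Sum256(pub)) }

// Validate accepts a request only if its key matches the legacy fingerprint and the signature verifies.
func Validate(raw []byte, legacy map[string]string) bool {
	var r Request
	if json.Unmarshal(raw, &r) != nil || len(r.PubKey) != ed25519.PublicKeySize {
		return false
	}
	domain, ok := legacyDomain(r.Name)
	if want, found := legacy[domain]; !ok || !found || want != fingerprint(r.PubKey) {
		return false // no record, or key differs from the one in the old DNS
	}
	return ed25519.Verify(r.PubKey, []byte(r.Name), r.Sig)
}

// Sign builds a constructed sample request from a fixed seed; returns it and the key fingerprint.
func Sign(name string, seed byte) ([]byte, string) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	raw, _ := json.Marshal(Request{name, pub, ed25519.Sign(priv, []byte(name))})
	return raw, fingerprint(pub)
}

func main() {
	owner, fp := Sign("com/apple", 1)
	fmt.Println(Validate(owner, map[string]string{"apple.com": fp}))
}
```

In this sketch the signature covers only the name, and the same `Validate` call serves both the local pre-check before broadcast and the check each peer runs on receipt.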