Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
Phillip Hallam-Baker <hallam@gmail.com> Sat, 14 December 2013 17:51 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5BFD1AE243 for <therightkey@ietfa.amsl.com>; Sat, 14 Dec 2013 09:51:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.702
X-Spam-Level:
X-Spam-Status: No, score=0.702 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s3C9-EQzBUsS for <therightkey@ietfa.amsl.com>; Sat, 14 Dec 2013 09:51:09 -0800 (PST)
Received: from mail-wg0-x229.google.com (mail-wg0-x229.google.com [IPv6:2a00:1450:400c:c00::229]) by ietfa.amsl.com (Postfix) with ESMTP id DDC911AE254 for <therightkey@ietf.org>; Sat, 14 Dec 2013 09:51:08 -0800 (PST)
Received: by mail-wg0-f41.google.com with SMTP id y10so521276wgg.4 for <therightkey@ietf.org>; Sat, 14 Dec 2013 09:51:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=MRIq/Dd0JIfUPyFDaHDCvZnQmT1jGkoTDN64rpQFW7c=; b=AwQEnnQeAxAwAJfFm9hAA7vYqXVSKy11pHv9exurb5XCB89Bl6ypBnogAqsbco1nMa 0ETC82RqlDSmaLRg2ZEmxsasPn/ZE8C/fT4InYj68SlUvwdB19D+P81u0Mbh0wgjRAeV PYA2iaZLAHUVfAywFO/KMfM6PTPsnuROvz0e2wC7iD/12VGz0uJzk9eZZ/Zlc0DFZAds oLSo6qtMAVELLQ4qWSYvSbZpSp+Y4jKjOb85bh60LbWrfcbYtRvgsEOVB5YBTq6FSIQQ wck3Y2oQQSbxUpG1YNf8qfbm+l/XcwyE2UhqjBmscrC4wXkKEKsav/VjK4Qk6LaIMAGH jGhA==
MIME-Version: 1.0
X-Received: by 10.194.11.38 with SMTP id n6mr6667809wjb.25.1387043461357; Sat, 14 Dec 2013 09:51:01 -0800 (PST)
Received: by 10.194.243.136 with HTTP; Sat, 14 Dec 2013 09:51:01 -0800 (PST)
In-Reply-To: <22429D73-4EFC-4091-8F5B-BAD38968EA54@taoeffect.com>
References: <22429D73-4EFC-4091-8F5B-BAD38968EA54@taoeffect.com>
Date: Sat, 14 Dec 2013 12:51:01 -0500
Message-ID: <CAMm+LwiMXdEnHqD0y_S-fP6081Tk=A=7-9LsJQhRuawmmmfdTg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Tao Effect <contact@taoeffect.com>
Content-Type: multipart/alternative; boundary="047d7b5d5710cd661e04ed8238b2"
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Dec 2013 17:51:12 -0000
"The first project, DNSNMC, deprecates today's insecure and fraudulent1 public key infrastructure (PKI) by gracefully transitioning DNS from its hierarchical design, to one that is based on a globally distributed, peer-to-peer network that successfully "squares Zooko's triangle"" I think you have lost me already. If you want to get anywhere with a proposal probably not a good idea to accuse the people who might implement it as being 'fraudulent'. "We use the term “meaningful security” to refer to the security provided by protocols that employ all of these features for communication between individuals." Have you paused to consider the reasons why the market has not adopted the security mechanisms then embody those principles to date? Designing a spec that provides more security if used is trivial. The hard part is proposing something that is secure and usable. And for someone who is accusing others of being 'fraudulent', not a good move to start off repeating figures already exposed as bogus like the oft repeated but still untrue claim of 600 CAs. Tying the notary log to namecoin seems to be completely pointless to me, unless the real objective is to promote namecoin. Why hook into namecoin rather than the market leader? Given the success of the US government in shutting down eGold type schemes I am very skeptical about the stability of 'namecoin'. If we accept the purported scenarios that motivate the scheme then namecoin won't last very long. The fact that BitCoin has survived this long is rather surprising. We have already seen a huge robbery of over $200 million in bitcoin (from a drug dealer). And now we have people trying to de-anonymize the system to stop the coins being spent (!) When the feds moved on the e-Gold crowd they started off by rolling up the small guys and created a crisis of confidence in the big ones. What would be the effect on the price of Bitcoin if the feds shut down namecoin using the same tactics they used against mega-upload? I don't think it would take much to start a run.
- [therightkey] DNSNMC deprecates Certificate Autho… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Phillip Hallam-Baker
- Re: [therightkey] DNSNMC deprecates Certificate A… Ben Laurie
- Re: [therightkey] DNSNMC deprecates Certificate A… Ali-Reza Anghaie
- Re: [therightkey] DNSNMC deprecates Certificate A… Leif Johansson
- Re: [therightkey] DNSNMC deprecates Certificate A… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Phillip Hallam-Baker
- Re: [therightkey] DNSNMC deprecates Certificate A… Leif Johansson
- Re: [therightkey] DNSNMC deprecates Certificate A… Phillip Hallam-Baker
- Re: [therightkey] DNSNMC deprecates Certificate A… Leif Johansson
- Re: [therightkey] DNSNMC deprecates Certificate A… Rob Stradling
- Re: [therightkey] DNSNMC deprecates Certificate A… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Ben Laurie
- Re: [therightkey] DNSNMC deprecates Certificate A… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Stephen Farrell
- Re: [therightkey] DNSNMC deprecates Certificate A… Ben Laurie
- Re: [therightkey] DNSNMC deprecates Certificate A… Phillip Hallam-Baker
- Re: [therightkey] DNSNMC deprecates Certificate A… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Paul Lambert
- Re: [therightkey] DNSNMC deprecates Certificate A… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Ralph Holz
- Re: [therightkey] DNSNMC deprecates Certificate A… Tao Effect
- Re: [therightkey] DNSNMC deprecates Certificate A… Jacob Appelbaum
- Re: [therightkey] DNSNMC deprecates Certificate A… Ralph Holz
- Re: [therightkey] DNSNMC deprecates Certificate A… Rob Stradling
- Re: [therightkey] DNSNMC deprecates Certificate A… Jacob Appelbaum
- Re: [therightkey] DNSNMC deprecates Certificate A… Paul Hoffman
- Re: [therightkey] DNSNMC deprecates Certificate A… Jacob Appelbaum
- Re: [therightkey] DNSNMC deprecates Certificate A… Phillip Hallam-Baker
- Re: [therightkey] DNSNMC deprecates Certificate A… Leif Johansson
- Re: [therightkey] DNSNMC deprecates Certificate A… Phillip Hallam-Baker
- Re: [therightkey] DNSNMC deprecates Certificate A… Santosh Chokhani
- Re: [therightkey] DNSNMC deprecates Certificate A… Leif Johansson
- Re: [therightkey] DNSNMC deprecates Certificate A… Paul Hoffman
- Re: [therightkey] DNSNMC deprecates Certificate A… Leif Johansson
- Re: [therightkey] DNSNMC deprecates Certificate A… Ralph Holz
- Re: [therightkey] DNSNMC deprecates Certificate A… Leif Johansson
- Re: [therightkey] DNSNMC deprecates Certificate A… Rob Stradling
- Re: [therightkey] DNSNMC deprecates Certificate A… Ralph Holz
- Re: [therightkey] DNSNMC deprecates Certificate A… Carl Wallace
- Re: [therightkey] DNSNMC deprecates Certificate A… Stephen Farrell
- Re: [therightkey] DNSNMC deprecates Certificate A… Ralph Holz
- Re: [therightkey] algorithm blacklisting Jacob Appelbaum