Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Phillip Hallam-Baker <> Sat, 14 December 2013 17:51 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E5BFD1AE243 for <>; Sat, 14 Dec 2013 09:51:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.702
X-Spam-Status: No, score=0.702 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id s3C9-EQzBUsS for <>; Sat, 14 Dec 2013 09:51:09 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c00::229]) by (Postfix) with ESMTP id DDC911AE254 for <>; Sat, 14 Dec 2013 09:51:08 -0800 (PST)
Received: by with SMTP id y10so521276wgg.4 for <>; Sat, 14 Dec 2013 09:51:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=MRIq/Dd0JIfUPyFDaHDCvZnQmT1jGkoTDN64rpQFW7c=; b=AwQEnnQeAxAwAJfFm9hAA7vYqXVSKy11pHv9exurb5XCB89Bl6ypBnogAqsbco1nMa 0ETC82RqlDSmaLRg2ZEmxsasPn/ZE8C/fT4InYj68SlUvwdB19D+P81u0Mbh0wgjRAeV PYA2iaZLAHUVfAywFO/KMfM6PTPsnuROvz0e2wC7iD/12VGz0uJzk9eZZ/Zlc0DFZAds oLSo6qtMAVELLQ4qWSYvSbZpSp+Y4jKjOb85bh60LbWrfcbYtRvgsEOVB5YBTq6FSIQQ wck3Y2oQQSbxUpG1YNf8qfbm+l/XcwyE2UhqjBmscrC4wXkKEKsav/VjK4Qk6LaIMAGH jGhA==
MIME-Version: 1.0
X-Received: by with SMTP id n6mr6667809wjb.25.1387043461357; Sat, 14 Dec 2013 09:51:01 -0800 (PST)
Received: by with HTTP; Sat, 14 Dec 2013 09:51:01 -0800 (PST)
In-Reply-To: <>
References: <>
Date: Sat, 14 Dec 2013 12:51:01 -0500
Message-ID: <>
From: Phillip Hallam-Baker <>
To: Tao Effect <>
Content-Type: multipart/alternative; boundary=047d7b5d5710cd661e04ed8238b2
Cc: "" <>
Subject: Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 14 Dec 2013 17:51:12 -0000

"The first project, DNSNMC, deprecates today's insecure and fraudulent1 public
key infrastructure (PKI) by gracefully transitioning DNS from its
hierarchical design, to one that is based on a globally distributed,
peer-to-peer network that successfully "squares Zooko's triangle""

I think you have lost me already. If you want to get anywhere with a
proposal probably not a good idea to accuse the people who might implement
it as being 'fraudulent'.

"We use the term “meaningful security” to refer to the security provided by
protocols that employ all of these features for communication between

Have you paused to consider the reasons why the market has not adopted the
security mechanisms then embody those principles to date? Designing a spec
that provides more security if used is trivial. The hard part is proposing
something that is secure and usable.

And for someone who is accusing others of being 'fraudulent', not a good
move to start off repeating figures already exposed as bogus like the oft
repeated but still untrue claim of 600 CAs.

Tying the notary log to namecoin seems to be completely pointless to me,
unless the real objective is to promote namecoin. Why hook into namecoin
rather than the market leader?

Given the success of the US government in shutting down eGold type schemes
I am very skeptical about the stability of 'namecoin'. If we accept the
purported scenarios that motivate the scheme then namecoin won't last very

The fact that BitCoin has survived this long is rather surprising. We have
already seen a huge robbery of over $200 million in bitcoin (from a drug
dealer). And now we have people trying to de-anonymize the system to stop
the coins being spent (!)

When the feds moved on the e-Gold crowd they started off by rolling up the
small guys and created a crisis of confidence in the big ones. What would
be the effect on the price of Bitcoin if the feds shut down namecoin using
the same tactics they used against mega-upload? I don't think it would take
much to start a run.