Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Leif Johansson <leifj@mnt.se> Sun, 15 December 2013 10:21 UTC

Return-Path: <leifj@mnt.se>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7736A1A802A for <therightkey@ietfa.amsl.com>; Sun, 15 Dec 2013 02:21:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aLEqU-dMy-5Y for <therightkey@ietfa.amsl.com>; Sun, 15 Dec 2013 02:21:13 -0800 (PST)
Received: from mail-lb0-f179.google.com (mail-lb0-f179.google.com [209.85.217.179]) by ietfa.amsl.com (Postfix) with ESMTP id 1F69D1AD845 for <therightkey@ietf.org>; Sun, 15 Dec 2013 02:21:07 -0800 (PST)
Received: by mail-lb0-f179.google.com with SMTP id w7so409373lbi.24 for <therightkey@ietf.org>; Sun, 15 Dec 2013 02:21:00 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=mrBCb0QrE7vkybOM/yzMy/VkKUuChjBUd6B0HwRhGPo=; b=lNjtC91d1o0Jo1vTU5agwjMFVwTc71MCv+A+bJMIpd9D9Ezs6mT3Rj1kx6EN/M3HKP Xnxilt5e6PbEX68XeBSRJ+SVAo1FKSFNe2hSZR46trl7atAr90F514+uNQqKN+3RM11/ J/GvmZ5vnyH/TG79MNWDtq5xl/++GGOYgbcIwVLu7dLbRs1RXzMWXbSPTloW2E8sKl2F dRs0Fr422HxKvTRywqBuLa8yp4axE/jZXot/1xDFVJ9gZ3Os3n5/PEfYedsET7SdTL0m HdTDYFgKbX0bgJnQEoSp3eA0Q+xyOwqTKDBk3fpH9CWJX9HgVgjeLli7K8E2NfpXRHny BMIg==
X-Gm-Message-State: ALoCoQn3fSOibaPG59fGyc3F5JdIOnCJZl+j8ejHaxuucBO9CEs4MoYwXCCh3kgz1wDy5EzG+ind
X-Received: by 10.112.148.104 with SMTP id tr8mr1894726lbb.42.1387102860269; Sun, 15 Dec 2013 02:21:00 -0800 (PST)
Received: from [192.168.1.169] (c-d7bae055.641-1-64736c20.cust.bredbandsbolaget.se. [85.224.186.215]) by mx.google.com with ESMTPSA id sd11sm15256843lab.2.2013.12.15.02.20.58 for <therightkey@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 15 Dec 2013 02:20:59 -0800 (PST)
Message-ID: <52AD828F.6040104@mnt.se>
Date: Sun, 15 Dec 2013 11:21:03 +0100
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: therightkey@ietf.org
References: <22429D73-4EFC-4091-8F5B-BAD38968EA54@taoeffect.com> <CAMm+LwiMXdEnHqD0y_S-fP6081Tk=A=7-9LsJQhRuawmmmfdTg@mail.gmail.com> <CAPKVt5+ONgfAaX+0i9rGkndJmYmDo74CXGp4osOAwjrBG6_jbQ@mail.gmail.com>
In-Reply-To: <CAPKVt5+ONgfAaX+0i9rGkndJmYmDo74CXGp4osOAwjrBG6_jbQ@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Dec 2013 10:21:23 -0000

On 2013-12-14 20:25, Ali-Reza Anghaie wrote:
> On Sat, Dec 14, 2013 at 12:51 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>> Given the success of the US government in shutting down eGold type schemes I
>> am very skeptical about the stability of 'namecoin'. If we accept the
>> purported scenarios that motivate the scheme then namecoin won't last very
>> long.
> Aside from the tactful / lack thereof issues in the delivery - this is
> a key point not addressed in the proposal. Adoption requires not only
> a State unwilling to quash it but ISPs and other providers willing to
> support it. This isn't just a US issue, it's quite prevalent an issue
> in every moderately to well connected State.
>
>
Its still interesting to consider distributed proof-of-work systems
_like_ bitcoin as a basis for public ledger systems. I realize that this
isn't exactly what this proposal is about.

I also see quite a few challenges with this proposal. For instance I
don't see how running and trusting your own DNSNMC server is
significantly different (or easier) than running and trusting your own CA.

However, distributed systems like this should not be dismissed offhand
as inherently un-deployable by using, what are essentially
guilt-by-association arguments.

        Cheers Leif