I do not understand! My cell phone is not a computer and access to my personal accounts whereas I have DOS to them has ruined my life! I don't even know how you got my name in the mix of explaining personal keys. I just want my life back!
[email protected]

On Sat, Aug 9, 2025, 5:01 AM Phillip Hallam-Baker <[email protected]> wrote:

> I have been doing a lot of work on DNS Handles and have come to the
> surprising conclusion that a handle is not the same as an address
>
> The concept of the DNS is that it is an infrastructure that resolves names
> to services or hosts. The DNS name is the persistent identifier.
>
> Handles subvert this, the DNS name is merely an aide memoire for a public
> key. Once the name has been traded in for the public key, we don't need the
> name any more, the key is authoritative.
>
> This may sound pedantic, because it is. But that is kind of what standards
> are all about.
>
>
> What this means in practice is a somewhat different approach to how
> DANE/DANCE credentials might be used in an IoT environment.
>
> Let us say @alice.example.com authorizes @bob.example.com to program her
> thermostat while he is a house guest.
>
> This means the thermostat gets a message 'add @bob.example.com to the
> list of authorized users' and that is the point that the thermostat fetches
> the TLSA record to get Bob's private root of trust. The Bob that is added
> is the Bob whose root was advertised at the moment the authorization was
> issued. The device doesn't care about subsequent changes of control of the
> handle.
>
> This approach solves the problem of offline access to the device, it
> doesn't matter if the thermostat has lost connection to the external
> network, it is the private root that counts.
>
> Alternatively, the authorization might be mediated by some local trust
> service in which case the translation happens when Bob is added in to the
> local trust service.
>
>
> Crossposting to DANE because the same consideration would apply to server
> certificates in an IoT device to device scenario.
> _______________________________________________
> dane mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
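The pinning behaviour described in the quoted message, as an added example that is not part of the original thread or of any DANE/DANCE implementation: the handle is resolved once, when the authorization is issued, and the device afterwards decides by the pinned root alone. `HandleResolver`, `Thermostat` and the key bytes are hypothetical and constructed; the resolver is an in-memory stand-in for a TLSA lookup.

```python
import hashlib


class HandleResolver:
    """In-memory stand-in for a TLSA lookup (hypothetical, no network)."""

    def __init__(self):
        self.records = {}   # handle -> SHA-256 digest of the advertised root key
        self.online = True

    def publish(self, handle, root_key):
        self.records[handle] = hashlib.sha256(root_key).hexdigest()

    def lookup(self, handle):
        if not self.online:
            raise ConnectionError("resolver unreachable")
        return self.records[handle]


class Thermostat:
    def __init__(self, resolver):
        self.resolver = resolver
        self.authorized = {}  # pinned root digest -> handle shown at grant time

    def add_user(self, handle):
        # The name is traded for the key exactly once, at authorization time.
        digest = self.resolver.lookup(handle)
        self.authorized[digest] = handle
        return digest

    def is_authorized(self, presented_root_key):
        # No lookup here: the pinned root is authoritative, the handle is only
        # a label. A real device would also demand proof of possession (a
        # signature chaining to this root); only the pinning logic is shown.
        return hashlib.sha256(presented_root_key).hexdigest() in self.authorized


def demo():
    resolver = HandleResolver()
    bob_key = b"constructed-bob-root-key"          # constructed sample value
    new_owner_key = b"constructed-new-owner-key"   # constructed sample value
    resolver.publish("@bob.example.com", bob_key)

    thermostat = Thermostat(resolver)
    thermostat.add_user("@bob.example.com")

    resolver.publish("@bob.example.com", new_owner_key)  # handle changes control
    resolver.online = False                              # device loses the network
    return (thermostat.is_authorized(bob_key),
            thermostat.is_authorized(new_owner_key))
```

`demo()` shows both properties from the post: the original Bob stays authorized while the device is offline, and whoever later takes over the handle gains nothing. Adding a new user still needs the resolver, so `add_user` fails while offline.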
