Hi Peter,

thanks for your feedback.

On 10/19/2011 09:30 PM, Peter Lebbing wrote:
> However, I think you're not ambitious enough when you opt for using DNS for key
> distribution. Yes, the infrastructure and RR types[1] are already there. But it
> brings this nasty dependency on the provider. Because the part of the client
> updates to the DNS is a key missing part in the DNS infrastructure as today, and
> I don't see providers adding that soon.

You are right that it is a challenge to get the support in the providers, but
note that changes in the mail client are required anyway.  Sure, changing the
client and changing the DNS infrastructure are two different kinds of beasts,
but we probably cannot do without the providers completely if we want
ubiquitous support.

> I'm thinking more of things like DHT, Distributed Hash Tables, in BitTorrent, or
> similar concepts in other peer-to-peer networks. I have no idea how it works :),
> but it does. You fire up your BitTorrent, all the data it needs is the hash of a
> torrent file, and suddenly it learns IP-addresses of other people who share that
> torrent file. If you could do something similar for mapping e-mail addresses to
> certificates, you don't need ISPs to implement extra stuff. Because I think
> that is a really major hurdle; probably a too steep one, IMHO.

Yes, P2P networks are great, let's do more of those.  But why stop at
certificates?  Just use a P2P network for all of DNS.

See what happened?  I just turned it around. :)

The paper notes how we can utilize DNSSEC to strengthen our trust model.
Similarly, we can utilize a P2P based DNS system.  Now instead of one problem,
we got two :)

P2P systems are tricky to get right, and have their own tradeoffs.  Also,
while acceptance for our proposal among service providers will be tough to
get, I'd expect that getting acceptance for a P2P based system would be even
harder.  A lot of things have to fall into place to make a P2P network a
viable alternative, and not all of them are technical.

Thanks,
Marcus

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
