On Sun, Oct 5, 2014 at 5:01 PM, D. J. Bernstein <[email protected]> wrote: > Am I the only one who's bothered by all the effort to build naming/PKI > systems that put, e.g., VeriSign and Google and anyone who compromises > them in control of all communications between Alice and Bob?
Not building. They exist today. I think that Greg is bothered by CT too. I'm less bothered; I think CT offers an immediate and substantial benefit. (I think perspectives on the degree of benefit differ mainly depending on which rumors one has heard about MitM CA certs for non-state actors.) > The traditional view is that maximum-security decentralized systems > can't be usable, so we have to compromise on security, typically by > trusting centralized third parties. I very much doubt most people on this list believe that. > The reason I'm writing now is that I > think most people here haven't yet heard of the GNU Name System, a > _usable_ maximum-security decentralized naming system: > > https://gnunet.org/sites/default/files/paper_cans2014_camera_ready.pdf Some problems with this paper (which I saw an earlier version of as well, I think): - Doesn't describe how the DHT will work. The details are critical to security and scalability. - Doesn't, as best I can tell, provide any way to deal with spam in the global namespace. (I.e., spammers, phishers, et hoc genus omnes will rapidly register every memorable/short/confusable name.)[*] I'll note that the query privacy section (section 4) seems to give a decent enough design. But that's really the only part of the paper that is fleshed out enough to bother with. I would, however, be very interested to learn more details about the design. [*] In a system without PoWs, there doesn't seem to be a good way of preventing this without a "trusted third-party". But you only need to trust the third-party to not register "address spam". _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
