On Mon, 2010-12-06 at 14:23 -0800, David Barrett wrote: > But any real system needs some ability for *somebody* to revoke/change > the mapping (eg, if a trademark violation in the jurisdiction of the TLD > owner), so any real system is no better than the current one in terms of > defense against government seizure.
Agreed, FWIW. It's not the place of DNS to try to defend against government seizure. What we need to be preventing is criminal authentication fraud -- that is, when someone follows a false DNS record and winds up at a site that pretends to be the registrant's site, but which is not in fact controlled by the registrant. At this point every spammer and malware author in the world has a CA root key or two; and the CA's themselves never check crap, they just collect the money and sign whatever for whoever. And DNS nodes often accept "updates" that originate with criminals rather than registrants, and cannot be traced - so the extant authentication mechanisms are deeply broken. It's hard to imagine a proper fix that will work for the people and institutions whose cooperation would be required to implement it. Bear _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers