Re: [wpkops] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
I'm very interested in Namecoin, and the generic idea of squaring Zooko's triangle, and I have to admit of all the proposals I've seen you make a fantastic looking website - but I don't think you understand the goal of this working group. We're not trying to replace the PKI as it exists on the internet today. There are other working groups for that discussion. We are trying to document how it _works today_, as defined in the charter: https://datatracker.ietf.org/wg/wpkops/charter/ The use of embedded, unupgradable, and slowly upgraded devices mean that no matter what, we're going to wind up with the current model we have for a long period into the future. Documenting and codifying the sharp edges we have to deal with will help us deal with these devices going forward, even as we work in tandem for more revolutionary ideas. -tom On 13 December 2013 15:22, Tao Effect cont...@taoeffect.com wrote: Hi list, DNSNMC fixes the authentication problems previously described, and it addresses all of the problems that with the previously mentioned proposals. It does this first by combining DNS with Namecoin (NMC), and then by encouraging a “trust only those you know” policy.5 “Namecoin is an open source decentralized key/value registration and transfer system based on Bitcoin technology”.[16] Namecoin “squares Zooko’s Triangle”, meaning, it makes it possible to have domain names (and other types of identifiers) that are: - Authenticated: users can be certain that they are not speaking to an impostor - Decentralized: there is no central authority controlling all the names - Human-readable: names look just like today’s domain names However, by itself, Namecoin does not provide the means by which ordinary users can take advantage of the features it provides. Using Namecoin is far too cumbersome for the vast majority of internet users, even those with years of computer expertise. For one, it cannot be used on mobile devices (like iPhones) in its current state because of its network requirements. DNSNMC provides the missing “glue” to the Namecoin blockchain that makes it immediately accessible to clients of all types with zero configuration. A network administrator need only enter the IP address of a DNSNMC-compliant DNS server to instantly make the information within the blockchain accessible to all of the users that she (or he) provides internet access to. Paper: http://okturtles.com/other/dnsnmc_okturtles_overview.pdf Cheers, Greg Slepak -- Please do not email me anything that you are not comfortable also sharing with the NSA. ___ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops ___ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops
Re: [wpkops] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
The use of embedded, unupgradable, and slowly upgraded devices mean that no matter what, we're going to wind up with the current model we have for a long period into the future. DNSNMC is usable on virtually all devices, and yes, it _works today_. Just set your DNS IP to a DNSNMC server's IP. It might even be possible to make it work on unupgradable devices too by installing the server's root cert on the device and treating it as a certificate authority. There are other working groups for that discussion. Would appreciate a link if you have one to point me in the right direction. I apology if this isn't the fora for this topic. Thanks, Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA. On Dec 13, 2013, at 6:57 PM, Tom Ritter t...@ritter.vg wrote: I'm very interested in Namecoin, and the generic idea of squaring Zooko's triangle, and I have to admit of all the proposals I've seen you make a fantastic looking website - but I don't think you understand the goal of this working group. We're not trying to replace the PKI as it exists on the internet today. There are other working groups for that discussion. We are trying to document how it _works today_, as defined in the charter: https://datatracker.ietf.org/wg/wpkops/charter/ The use of embedded, unupgradable, and slowly upgraded devices mean that no matter what, we're going to wind up with the current model we have for a long period into the future. Documenting and codifying the sharp edges we have to deal with will help us deal with these devices going forward, even as we work in tandem for more revolutionary ideas. -tom On 13 December 2013 15:22, Tao Effect cont...@taoeffect.com wrote: Hi list, DNSNMC fixes the authentication problems previously described, and it addresses all of the problems that with the previously mentioned proposals. It does this first by combining DNS with Namecoin (NMC), and then by encouraging a “trust only those you know” policy.5 “Namecoin is an open source decentralized key/value registration and transfer system based on Bitcoin technology”.[16] Namecoin “squares Zooko’s Triangle”, meaning, it makes it possible to have domain names (and other types of identifiers) that are: Authenticated: users can be certain that they are not speaking to an impostor Decentralized: there is no central authority controlling all the names Human-readable: names look just like today’s domain names However, by itself, Namecoin does not provide the means by which ordinary users can take advantage of the features it provides. Using Namecoin is far too cumbersome for the vast majority of internet users, even those with years of computer expertise. For one, it cannot be used on mobile devices (like iPhones) in its current state because of its network requirements. DNSNMC provides the missing “glue” to the Namecoin blockchain that makes it immediately accessible to clients of all types with zero configuration. A network administrator need only enter the IP address of a DNSNMC-compliant DNS server to instantly make the information within the blockchain accessible to all of the users that she (or he) provides internet access to. Paper: http://okturtles.com/other/dnsnmc_okturtles_overview.pdf Cheers, Greg Slepak -- Please do not email me anything that you are not comfortable also sharing with the NSA. ___ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops ___ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops signature.asc Description: Message signed with OpenPGP using GPGMail ___ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops
Re: [wpkops] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
On 13 December 2013 16:03, Tao Effect cont...@taoeffect.com wrote: There are other working groups for that discussion. Would appreciate a link if you have one to point me in the right direction. I apology if this isn't the fora for this topic. I'd say the best place would be https://www.ietf.org/mailman/listinfo/therightkey -tom ___ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops
Re: [wpkops] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
Thank you kindly Tom! I subscribed and sent it there. :-) - Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA. On Dec 13, 2013, at 10:35 PM, Tom Ritter t...@ritter.vg wrote: On 13 December 2013 16:03, Tao Effect cont...@taoeffect.com wrote: There are other working groups for that discussion. Would appreciate a link if you have one to point me in the right direction. I apology if this isn't the fora for this topic. I'd say the best place would be https://www.ietf.org/mailman/listinfo/therightkey -tom ___ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops signature.asc Description: Message signed with OpenPGP using GPGMail ___ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops