As I said in the original post, look at this problem and then ask yourselves how Perspectives, Convergence, SK and CT might help solve it.
I can see the potential for leverage in all four schemes since they all provide a means of persisting information over time.

On Thu, Jan 26, 2012 at 5:02 PM, Richard L. Barnes <rbar...@bbn.com> wrote:
>>>> If a system is going to be robust in practice it has to take account
>>>> of all possible sources of error including administrative incompetence
>>>> and user error.
>>>
>>> I'm curious: where do you draw the line? Should routing system security
>>> be included? Email security (since many transactions relating to DNS
>>> zone administration occur via email)? Telephone? Etc.
>>>
>>>> Security that only looks at malice is brittle security.
>>>
>>> Security that looks at 'all possible sources of error' seems to me
>>> to be a halting state problem
>>
>>
>> Drawing a line amounts to sticking your head in the sand.
>>
>> A chain is only as strong as its weakest link, and aside from
>> wanna-bees, determined attackers are *not* going to attack the
>> strong pieces of the technology, but turn the weak parts or
>> the links between.
>>
>> Using DNS names for authentication is the folly here. If we believe
>> that using DNS names for authentication, then we need to fix *all*
>> parts of the technology, including the administrative procedures
>> for managing/delegating DNS names.
>
> Ok, what names *should* we be using? Maybe we should use names that people
> claim by presenting their drivers' licenses?
> <http://dmv.ca.gov/pubs/newsrel/newsrel11/2011_26.htm>
> Passports?
> <http://www.usimmigration.com/selling-fake-passports.html>
>
> Can you point to an identity system that doesn't have layer-9 vulnerabilities?
>
> Domain names are names like any other name, except they have some nice
> features: Hierarchical storage and you can use them to look stuff up. ISTM
> that this group will have a win if they can come up with a good way to
> authenticate domain names, possibly patching over some of the layer-9
> weaknesses.
>
> --Richard

--
Website: http://hallambaker.com/
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey