On Aug 28, 2013, at 8:34 AM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 23:39:51 -0400 Jerry Leichter <leich...@lrw.com>
> wrote:
>> It's not as if this isn't a design we have that we know works:
>> DNS.

Read what I said: There's a *design* that works.
I never suggested *using DNS* - either its current physical instantiation, or even necessarily the raw code. In fact, I pointed out some of the very problems you mention.

What defines the DNS model - and is in contrast to the DHT model - is:

- Two basic classes of participants, those that track potentially large amounts of data and respond to queries and those that simply cache for local use;
- Caching of responses for authoritative-holder-limited amounts of time to avoid re-querying;
- A hierarchical namespace and a corresponding hierarchy of caches.

DNS and DNSSEC as implemented assume a single hierarchy, and they map the hierarchy to authority. These features are undesirable and should be avoided.

-- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
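The three properties listed in the message above, as an added Python sketch that is not part of the original post or of any DNS implementation: holders that set a lifetime on each answer, caches that never keep an answer past that lifetime even when they obtained it from another cache, and routing by name suffix. The class names (`Authority`, `Delegation`, `Cache`) and the sample records are assumptions made for illustration.

```python
# Added illustration; all class names and sample records are constructed.
class Authority:
    """Tracks the data for one subtree and decides how long answers may be cached."""
    def __init__(self, records):
        self.records = records          # name -> (value, ttl_seconds)
        self.queries = 0

    def lookup(self, name, now):
        self.queries += 1
        value, ttl = self.records[name]
        return value, now + ttl         # absolute expiry, set by the holder

class Delegation:
    """Hierarchical namespace: route a name to the holder of its longest matching suffix."""
    def __init__(self, zones):
        self.zones = zones              # suffix -> Authority

    def lookup(self, name, now):
        labels = name.split(".")
        for i in range(len(labels)):    # try the most specific suffix first
            zone = self.zones.get(".".join(labels[i:]))
            if zone is not None:
                return zone.lookup(name, now)
        raise KeyError(name)

class Cache:
    """Caches answers for local use; never keeps one past the holder's expiry."""
    def __init__(self, upstream):
        self.upstream = upstream        # a parent Cache or the Delegation root
        self.store = {}                 # name -> (value, expires_at)
        self.hits = 0

    def lookup(self, name, now):
        entry = self.store.get(name)
        if entry is not None and now < entry[1]:
            self.hits += 1
            return entry
        entry = self.upstream.lookup(name, now)  # expiry is passed down unchanged
        self.store[name] = entry
        return entry

def demo():
    a = Authority({"alice.a.example": ("record-A1", 60)})
    b = Authority({"bob.b.example": ("record-B1", 300)})
    shared = Cache(Delegation({"a.example": a, "b.example": b}))
    leaf1, leaf2 = Cache(shared), Cache(shared)
    leaf1.lookup("alice.a.example", now=0)     # miss everywhere, reaches holder a
    _, expiry = leaf2.lookup("alice.a.example", now=50)  # served by shared cache
    leaf2.lookup("alice.a.example", now=61)    # expired at every level, re-queried
    return a.queries, shared.hits, expiry
```

Because the expiry travels down the cache hierarchy as an absolute time, the leaf that fetched at t=50 from the shared cache still drops the record at t=60 rather than holding it for a fresh 60 seconds.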