On Aug 28, 2013, at 8:34 AM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 23:39:51 -0400 Jerry Leichter <leich...@lrw.com>
> wrote:
>> It's not as if this isn't a design we have that we know works:
>> DNS.
Read what I said: There's a *design* that works.
I never suggested *using DNS* - either its current physical instantiation, or
even necessarily the raw code. In fact, I pointed out some of the very
problems you mention.
What defines the DNS model - and is in contrast to the DHT model - is:
- Two basic classes of participants, those that track potentially large amounts
of data and respond to queries and those that simply cache for local use;
- Caching of responses for authoritative-holder-limited amounts of time to
avoid re-querying;
- A hierarchical namespace and a corresponding hierarchy of caches.
DNS and DNSSEC as implemented assume a single hierarchy, and they map the
hierarchy to authority. These features are undesirable and should be avoided.
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
