On Fri, 26 Sep 2003, Some Guy wrote:

> B is cooler, but it may have to have something to
> prevent a rogue member of the ring bombing nodes by
> making junk certificates.  Something like a limited
> number of certified slots could be cached so the
> rogue can't resend indefinitely.
> 
> Or wait let's combine our ideas!!!
> Store the individual signatures in different places,
> but to insert actual data, one first must collect
> those signatures and the policy to send with the data
> so you can validate it on its way in.  This would
> allow the individual signers only to DNS their own
> signature.  This seems like the best you could do.
> It'd still be possible to do a separate DNS on the
> hash space using a separate SSK attack though.

Yes, this would be the way to do it.  The data would be routed
according to the hash of the namespace (i.e. the same as an
SSK) but


> 
> > > Not if you use my suggestion.  You could possibly
> > > make it to where if "9 of 10 want to change the
> > > policy, they can."  This could lead to a string of
> > > certificates required on insertion, but otherwise
> > > the URL wouldn't change.  Implementing this may be
> > > a pain in the butt.
> > 
> > That was my suggestion, actually.  Please re-read
> > the proposal again.
> I was talking about my suggestion with the throw-away
> key.  I'm just trying to come up with a shorter key
> format so you can have 100 signers without a 5000
> character URL.
> 
> Here's a better idea to keep the keys short.
> URL=
> HASH(<key1><key2><key3>..<keyn>policy_blablabla)/page.html
> This should keep the URLs from exploding.  Sound ok?

Oh, I _LIKE_ that idea.

So here's the procedure: I ask for the public keys of 4 trusted
developers, and create a keyring with our five keys and a policy
(minimum=3).  I send it to them to verify, and they can see the hash.

Now, to insert I take the data + keyring and sign it, then send.
We use the same routing/verification code as an SSK, since the keyring
is included.  When anyone else signs it they do the same thing
<data+keyring>/signed.  It _SHOULD_ route to the same place if NGR
is working well, or at least cross the path sufficiently well.

And again, the signed data + keyring must be less than 32k.  Easy
enough to do, especially if the keyring is in binary form.

Ian, what's your take on this?  Would you consider this "sound" enough
to entrust distribution to?

--Dan
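
The keyring scheme sketched in this reply, as an added example that is not code from the thread or from Freenet: a keyring of member public keys plus a threshold policy, a routing key that is the hash of that keyring, and a verifier that accepts an insert only if enough distinct members signed data+keyring and the whole thing fits under 32k. Ed25519 and SHA-256 stand in for whatever Freenet actually used, and the binary keyring layout is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
)

// MaxInsert is the 32k ceiling the thread puts on signed data + keyring.
const MaxInsert = 32 * 1024
// Keyring: each member's public key, then the policy (here just the threshold, e.g. "minimum=3").
type Keyring struct {
	Members []ed25519.PublicKey
	Minimum int
}

// Encode: raw public keys, then the threshold as 16-bit big-endian (assumed layout; the thread fixes none).
func (k Keyring) Encode() []byte {
	var b []byte
	for _, m := range k.Members {
		b = append(b, m...)
	}
	return append(b, byte(k.Minimum>>8), byte(k.Minimum))
}

// RoutingKey is HASH(<key1><key2>..<keyn>policy) from the thread; it never depends on who signed.
func (k Keyring) RoutingKey() [32]byte { return sha256.Sum256(k.Encode()) }
// Insert carries data + keyring plus signatures keyed by member index.
type Insert struct {
	Data []byte
	Ring Keyring
	Sigs map[int][]byte
}

// Message is what every member signs: the data followed by the keyring bytes.
func (in Insert) Message() []byte { return append(append([]byte{}, in.Data...), in.Ring.Encode()...) }
// Verify enforces the policy on the way in: size cap, then at least Minimum valid signatures from distinct members.
func Verify(in Insert) bool {
	msg := in.Message()
	if len(msg)+len(in.Sigs)*ed25519.SignatureSize > MaxInsert {
		return false
	}
	valid := 0
	for idx, sig := range in.Sigs {
		if idx >= 0 && idx < len(in.Ring.Members) && ed25519.Verify(in.Ring.Members[idx], msg, sig) {
			valid++
		}
	}
	return valid >= in.Ring.Minimum
}
```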


_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
