Steve Crocker <[email protected]> wrote:
>
> Nice post.

Thanks!

> If someone is paranoid about the possibility of being spoofed, he can
> compare the results from multiple publishers and/or rotate among the
> many publishers.  But there's no need for the publishers to coordinate
> among themselves, except for the standard format, and there's no need
> for a formal quorum of witnesses.  (I guess if someone wanted to
> advocate a best practice of using a quorum of witnesses, that's ok with
> me, but I view that as an added layer, not necessarily required.)

I think robustness is at least as important as paranoia.

I have in mind something like DNS root server operations. It's fine if
D-root renumbers, because a resolver still has 12 other servers it can use
to bootstrap. Similarly, a validator should have several witness keys it
can use to bootstrap, so that it still works after keys are retired.

If you know multiple witness keys then it becomes fairly easy to require a
quorum rather than trust just one of them. The advantage is that you don't
have to make an active choice about who to trust or who not to trust,
which is an enormous usability bonus for mass-market validation.

I'm unsure about the logistics. There are lots of plausible options. How
does each witness decide they are signing the right thing? It would be
nice (efficient) if a client could download a bundle of signatures from
any mirror site, but does that introduce too much coupling? Maybe the
witnesses could cross-mirror each other. But I thought mirror sites might
be provided by big CDN services, and witnesses might be interested parties
such as registries, registrars, DNS software vendors, etc. usw. Your
newspaper analogy is another useful model to consider.

Tony.
-- 
f.anthony.n.finch  <[email protected]>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
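
The quorum idea discussed in the message above, sketched as an added example that is not part of the original thread. The Ed25519 signatures, the SHA-256 digest, the Endorsement format and the witness names w1..w4 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Endorsement is one witness's signature over SHA-256(anchor); constructed format.
type Endorsement struct{ Witness string; Sig []byte }

// QuorumOK reports whether k distinct known witnesses validly signed anchor.
// Unknown witnesses, bad signatures and repeats are skipped rather than fatal.
func QuorumOK(anchor []byte, known map[string]ed25519.PublicKey, ends []Endorsement, k int) (bool, []string) {
	digest := sha256.Sum256(anchor)
	seen := map[string]bool{}
	var good []string
	for _, e := range ends {
		pub, found := known[e.Witness]
		if !found || seen[e.Witness] || len(pub) != ed25519.PublicKeySize {
			continue
		}
		if ed25519.Verify(pub, digest[:], e.Sig) {
			seen[e.Witness] = true
			good = append(good, e.Witness)
		}
	}
	return k > 0 && len(good) >= k, good
}

// Demo uses constructed witnesses: w4 is not in the validator's bootstrap set,
// w3's signature is corrupted, and w1's endorsement is delivered twice.
func Demo(k int) (bool, []string) {
	anchor := []byte("constructed trust anchor\n")
	d := sha256.Sum256(anchor)
	known, ends := map[string]ed25519.PublicKey{}, []Endorsement{}
	for _, name := range []string{"w1", "w2", "w3", "w4"} {
		seed := sha256.Sum256([]byte(name)) // fixed seed: demo only, never for real keys
		priv := ed25519.NewKeyFromSeed(seed[:])
		if name != "w4" {
			known[name] = priv.Public().(ed25519.PublicKey)
		}
		ends = append(ends, Endorsement{name, ed25519.Sign(priv, d[:])})
	}
	ends[2].Sig[0] ^= 1
	return QuorumOK(anchor, known, append(ends, ends[0]), k)
}

func main() { fmt.Println(Demo(2)); fmt.Println(Demo(3)) }
```

With three bootstrap keys and a threshold of two, the validator still accepts the anchor when one witness is unusable, and it never has to pick a single witness to trust.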
