> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of David Barrett
> Sent: December 5, 2010 9:51 PM
> To: [email protected]
> Subject: Re: [p2p-hackers] .p2p domain
...
> 4) When renewing the record, refuse any unsigned change, or change
> whose signature fails.
...

And what about abandoned/expired domains that are re-assigned to new owners? It is not realistic to expect all existing owners to gracefully relinquish the ownership of expiring domains.

On a more general note - if a "secure" DNS infrastructure ever sees proper adoption, I bet that there will be some form of PKI present in it. Simple key-based trust is not going to fly with interested intermediates, e.g. shady agencies that already own or have access to SSL CA keys and are capable of on-the-fly certificate forgery, and through this the MnM attacks, if needed.

What you describe is a geek's solution that doesn't account for political realities :) I'm with you, but it is simply not going to happen.

Alex

_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
