On Mon, 2010-12-06 at 14:23 -0800, David Barrett wrote:
> But any real system needs some ability for *somebody* to revoke/change
> the mapping (eg, if a trademark violation in the jurisdiction of the TLD
> owner), so any real system is no better than the current one in terms of
> defense against government seizure.
Agreed, FWIW. It's not the place of DNS to try to defend against
government seizure. What we need to be preventing is criminal
authentication fraud -- that is, when someone follows a false DNS
record and winds up at a site that pretends to be the registrant's
site, but which is not in fact controlled by the registrant.
At this point every spammer and malware author in the world has a
CA root key or two; and the CA's themselves never check crap, they
just collect the money and sign whatever for whoever. And DNS
nodes often accept "updates" that originate with criminals rather
than registrants, and cannot be traced - so the extant
authentication mechanisms are deeply broken. It's hard to imagine
a proper fix that will work for the people and institutions whose
cooperation would be required to implement it.
Bear
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
