On Dec 21, 2013, at 9:12 PM, Seth Schoen <[email protected]> wrote: > Sovereign Keys (which has similar aims to Namecoin) has a similar > mechanism to this, and for the same reasons.
Nice! :-) Correct me if I'm wrong though, but from what I remember when I researched Sovereign Keys, that system still preserves today's CAs, is that correct? In other words, people still have to pay money every year to random third parties to keep themselves secure? Is that correct? -- Please do not email me anything that you are not comfortable also sharing with the NSA. On Dec 21, 2013, at 9:12 PM, Seth Schoen <[email protected]> wrote: > Tao Effect writes: > >> namecoind must be modified to give existing TLDs special treatment in a way >> that paves for a smooth transition from today's DNS, to a Namecoin-based DNS >> like DNSNMC. >> >> New namespaces will be created for each of today's TLDs, and only the owners >> of those domains (in the deprecated, old DNS system) can register them. For >> example, only the owners of apple.com can register com/apple, etc. Proof of >> ownership is done by special NMC DNS records that contain the owner's >> cryptographic signature/fingerprint. When Namecoin clients receive a >> notification that someone wants to register a domain in the com namespace, >> they check the JSON request to verify that it was signed by the same >> signature that appears in the old DNS records. If they match, the >> registration request is accepted and added to their local blockchain. If it >> does not match, the request is discarded. Similarly, the namecoin client >> itself will perform this check locally before sending out the request to >> other peers (to provide instant feedback to users attempting to register >> something that doesn't belong to them). >> >> Thoughts? > > Sovereign Keys (which has similar aims to Namecoin) has a similar > mechanism to this, and for the same reasons. The SK idea is that an > initial registration of a name in SK should include cryptographic > proof of ownership of the name according to the conventional Internet > naming systems (via a cryptographic binding to PKIX or DNSSEC). > > "Claiming a key for a name requires evidence of control in the DNS > (either a CA-signed certificate or a key published by DANE DNSSEC)." > > https://git.eff.org/?p=sovereign-keys.git;a=blob;f=sovereign-key-design.txt;hb=master > > -- > Seth Schoen <[email protected]> > Senior Staff Technologist https://www.eff.org/ > Electronic Frontier Foundation https://www.eff.org/join > 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
