Open lchasen opened 8 years ago
I think the point here is that Registrars, CAs and DNS are not really DEcentralized in practice. The issue is how we set up a Web of Trust Registrar, CA and DNS.
I've registered a bunch of .bit blockchain domains. But name services do not support it. In order to enable the web of trust we must use name services that follow individual users rules rather than risk trusting services of those not having their interest in mind. Such services are one of the FreeTrust.org listed minimum viable products https://docs.google.com/document/d/1Sft2Reb76oI-L_3oSAiwP9c-qSN1SuL38z9VCpKWaq4/edit#heading=h.d8cs59srr0md being considered.
I am just learning what is happening here but hope to get involved.
Best, Jim
On Tue, Oct 27, 2015 at 10:48 AM, Les Chasen notifications@github.com wrote:
re: authorities-vs-Peers: pain points in security.md cc: @ChristopherA https://github.com/ChristopherA
The first paragraph first sentence states, "DNS Registrars and Certificate Authorities (CAs) offer examples of centralized authorities of trust on the Internet"
A meta point ... Registrars and CAs are not really centralized.
In The DNS world: Anybody can be a registrar or CA if they want to be. Registries are centralized over a particular namespace. ICANN is centralized over the so called root namespace. Technically anybody can create any namespace, alt-root, they want.
In the CA world: AFAIK Certificate Authorities are actually less centralized then DNS. I am not aware of an equivalent to ICANN in the certificate space. Anybody can create certificates. The question is how you get it trusted by the entities that need/want it. Getting it trusted by browser can be difficult and costly ... don't know if that is bad. I think it can be argued that because it is so easy to become a CA and there is no oversight that bad actors come about more often. This is a big problem.
— Reply to this email directly or view it on GitHub https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/issues/12.
I agree on the goal … but i think it is important to recognize what parts of the existing ecosystem are really centralized and which parts are not. These folks are just actors playing in a community that formed with particular rules of the road, both formal and informal, that have come about over the years. The rules in place were not necessarily purposefully put in place rather the ecosystem formed.
In this new decentralized, commons based, world we envision there will also be various players, some similar in nature to registrars and CAs and other players in the internet, that all have agendas of varying degrees. I think the goal is to come up with a decentralized ecosystem that based on incentives encourages good behavior with less centralized oversight. To get there, IMHO, we need to recognize who all the actors are in the centralized version we want to replace. i think the decentralized world will end up with similar actors.
On Oct 27, 2015, at 11:22 AM, jimscarver notifications@github.com wrote:
I think the point here is that Registrars, CAs and DNS are not really DEcentralized in practice. The issue is how we set up a Web of Trust Registrar, CA and DNS.
I've registered a bunch of .bit blockchain domains. But name services do not support it. In order to enable the web of trust we must use name services that follow individual users rules rather than risk trusting services of those not having their interest in mind. Such services are one of the FreeTrust.org listed minimum viable products https://docs.google.com/document/d/1Sft2Reb76oI-L_3oSAiwP9c-qSN1SuL38z9VCpKWaq4/edit#heading=h.d8cs59srr0md being considered.
I am just learning what is happening here but hope to get involved.
Best, Jim
On Tue, Oct 27, 2015 at 10:48 AM, Les Chasen notifications@github.com wrote:
re: authorities-vs-Peers: pain points in security.md cc: @ChristopherA https://github.com/ChristopherA
The first paragraph first sentence states, "DNS Registrars and Certificate Authorities (CAs) offer examples of centralized authorities of trust on the Internet"
A meta point ... Registrars and CAs are not really centralized.
In The DNS world: Anybody can be a registrar or CA if they want to be. Registries are centralized over a particular namespace. ICANN is centralized over the so called root namespace. Technically anybody can create any namespace, alt-root, they want.
In the CA world: AFAIK Certificate Authorities are actually less centralized then DNS. I am not aware of an equivalent to ICANN in the certificate space. Anybody can create certificates. The question is how you get it trusted by the entities that need/want it. Getting it trusted by browser can be difficult and costly ... don't know if that is bad. I think it can be argued that because it is so easy to become a CA and there is no oversight that bad actors come about more often. This is a big problem.
— Reply to this email directly or view it on GitHub https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/issues/12.
— Reply to this email directly or view it on GitHub https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/issues/12#issuecomment-151538686.
re: authorities-vs-Peers: pain points in security.md cc: @ChristopherA
The first paragraph first sentence states, "DNS Registrars and Certificate Authorities (CAs) offer examples of centralized authorities of trust on the Internet"
A meta point ... Registrars and CAs are not really centralized.
In The DNS world: Anybody can be a registrar or CA if they want to be. Registries are centralized over a particular namespace. ICANN is centralized over the so called root namespace. Technically anybody can create any namespace, alt-root, they want.
In the CA world: AFAIK Certificate Authorities are actually less centralized then DNS. I am not aware of an equivalent to ICANN in the certificate space. Anybody can create certificates. The question is how you get it trusted by the entities that need/want it. Getting it trusted by browser can be difficult and costly ... don't know if that is bad. I think it can be argued that because it is so easy to become a CA and there is no oversight that bad actors come about more often. This is a big problem.