WebOfTrustInfo / rwot1-sf

RWOT1 in San Francisco, California (November 2015)
http://www.WebOfTrust.Info

registrars and certificate authorities are not centralized #12

Open lchasen opened 8 years ago

lchasen commented 8 years ago

re: authorities-vs-Peers: pain points in security.md cc: @ChristopherA

The first paragraph first sentence states, "DNS Registrars and Certificate Authorities (CAs) offer examples of centralized authorities of trust on the Internet"

A meta point ... Registrars and CAs are not really centralized.

In the DNS world: Anybody can be a registrar or CA if they want to be. Registries are centralized over a particular namespace. ICANN is centralized over the so-called root namespace. Technically anybody can create any namespace, alt-root, they want.

In the CA world: AFAIK Certificate Authorities are actually less centralized than DNS. I am not aware of an equivalent to ICANN in the certificate space. Anybody can create certificates. The question is how you get it trusted by the entities that need/want it. Getting it trusted by browsers can be difficult and costly ... don't know if that is bad. I think it can be argued that because it is so easy to become a CA and there is no oversight that bad actors come about more often. This is a big problem.

jimscarver commented 8 years ago

I think the point here is that Registrars, CAs and DNS are not really DEcentralized in practice. The issue is how we set up a Web of Trust Registrar, CA and DNS.

I've registered a bunch of .bit blockchain domains. But name services do not support it. In order to enable the web of trust we must use name services that follow individual users' rules rather than risk trusting services of those not having their interest in mind. Such services are one of the FreeTrust.org listed minimum viable products https://docs.google.com/document/d/1Sft2Reb76oI-L_3oSAiwP9c-qSN1SuL38z9VCpKWaq4/edit#heading=h.d8cs59srr0md being considered.

I am just learning what is happening here but hope to get involved.

Best, Jim

On Tue, Oct 27, 2015 at 10:48 AM, Les Chasen notifications@github.com wrote:

re: authorities-vs-Peers: pain points in security.md cc: @ChristopherA https://github.com/ChristopherA

The first paragraph first sentence states, "DNS Registrars and Certificate Authorities (CAs) offer examples of centralized authorities of trust on the Internet"

A meta point ... Registrars and CAs are not really centralized.

In the DNS world: Anybody can be a registrar or CA if they want to be. Registries are centralized over a particular namespace. ICANN is centralized over the so-called root namespace. Technically anybody can create any namespace, alt-root, they want.

In the CA world: AFAIK Certificate Authorities are actually less centralized than DNS. I am not aware of an equivalent to ICANN in the certificate space. Anybody can create certificates. The question is how you get it trusted by the entities that need/want it. Getting it trusted by browsers can be difficult and costly ... don't know if that is bad. I think it can be argued that because it is so easy to become a CA and there is no oversight that bad actors come about more often. This is a big problem.


lchasen commented 8 years ago

I agree on the goal … but I think it is important to recognize what parts of the existing ecosystem are really centralized and which parts are not. These folks are just actors playing in a community that formed with particular rules of the road, both formal and informal, that have come about over the years. The rules in place were not necessarily purposefully put in place; rather, the ecosystem formed.

In this new decentralized, commons-based world we envision there will also be various players, some similar in nature to registrars and CAs and other players in the internet, that all have agendas of varying degrees. I think the goal is to come up with a decentralized ecosystem that, based on incentives, encourages good behavior with less centralized oversight. To get there, IMHO, we need to recognize who all the actors are in the centralized version we want to replace. I think the decentralized world will end up with similar actors.

On Oct 27, 2015, at 11:22 AM, jimscarver notifications@github.com wrote:

I think the point here is that Registrars, CAs and DNS are not really DEcentralized in practice. The issue is how we set up a Web of Trust Registrar, CA and DNS.

I've registered a bunch of .bit blockchain domains. But name services do not support it. In order to enable the web of trust we must use name services that follow individual users' rules rather than risk trusting services of those not having their interest in mind. Such services are one of the FreeTrust.org listed minimum viable products https://docs.google.com/document/d/1Sft2Reb76oI-L_3oSAiwP9c-qSN1SuL38z9VCpKWaq4/edit#heading=h.d8cs59srr0md being considered.

I am just learning what is happening here but hope to get involved.

Best, Jim
