[messaging] GNU Name System
David Leon Gil
coruus at gmail.com
Sun Oct 5 14:24:23 PDT 2014
On Sun, Oct 5, 2014 at 5:01 PM, D. J. Bernstein <djb at cr.yp.to> wrote:
> Am I the only one who's bothered by all the effort to build naming/PKI
> systems that put, e.g., VeriSign and Google and anyone who compromises
> them in control of all communications between Alice and Bob?

Not building. They exist today.

I think that Greg is bothered by CT too.

I'm less bothered; I think CT offers an immediate and substantial
benefit. (I think perspectives on the degree of benefit differ mainly
depending on which rumors one has heard about MitM CA certs for

> The traditional view is that maximum-security decentralized systems
> can't be usable, so we have to compromise on security, typically by
> trusting centralized third parties.

I very much doubt most people on this list believe that.

> The reason I'm writing now is that I
> think most people here haven't yet heard of the GNU Name System, a
> _usable_ maximum-security decentralized naming system:

Some problems with this paper (which I saw an earlier version of as
well, I think):

- Doesn't describe how the DHT will work. The details are critical to
  security and scalability.

- Doesn't, as best I can tell, provide any way to deal with spam in
  the global namespace. (I.e., spammers, phishers, et hoc genus omnes
  will rapidly register every memorable/short/confusable name.)[*]

I'll note that the query privacy section (section 4) seems to give a
decent enough design. But that's really the only part of the paper
that is fleshed out enough to bother with. I would, however, be very
interested to learn more details about the design.

[*] In a system without PoWs, there doesn't seem to be a good way of
preventing this without a "trusted third-party". But you only need to
trust the third-party to not register "address spam".