[146446] in cryptography@c2.net mail archive
Re: [Cryptography] Why not the DNS? (was Re: Implementations,
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Wed Aug 28 13:13:23 2013
X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <20130828083458.02f70e1f@jabberwock.cb.piermont.com>
Date: Wed, 28 Aug 2013 10:43:24 -0400
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Cryptography List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Aug 28, 2013, at 8:34 AM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 23:39:51 -0400 Jerry Leichter <leichter@lrw.com>
> wrote:
>> It's not as if this isn't a design we have that we know works:
>> DNS.
Read what I said: There's a *design* that works.
I never suggested *using DNS* - either its current physical instantiation, or even necessarily the raw code. In fact, I pointed out some of the very problems you mention.
What defines the DNS model - and is in contrast to the DHT model - is:
- Two basic classes of participants, those that track potentially large amounts of data and respond to queries and those that simply cache for local use;
- Caching of responses for authoritative-holder-limited amounts of time to avoid re-querying;
- A hierarchical namespace and a corresponding hierarchy of caches.
DNS and DNSSEC as implemented assume a single hierarchy, and they map the hierarchy to authority. These features are undesirable and should be avoided.
-- Jerry
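As an added illustration, not part of the post above, the following Python model captures the three properties listed for the DNS model: authoritative holders that answer queries and choose how long answers may live, caches that keep answers only for local use and never past that limit, and a hierarchical namespace routed to the longest matching zone. Zones, names, addresses and TTLs are constructed; the model keeps the single hierarchy mapped to authority that the post says should be avoided, only because it is the simplest way to show the three properties.

```python
class Authority:
    """First class of participant: holds one zone's records and sets each answer's TTL."""
    def __init__(self, zone, records):
        self.zone = zone            # constructed zone name, e.g. "example"
        self.records = records      # name -> (value, ttl_seconds)
        self.queries = 0            # how often caches had to come back to us
    def resolve(self, name, now):
        self.queries += 1
        value, ttl = self.records[name]
        return value, now + ttl     # absolute expiry chosen by the holder


class Hierarchy:
    """Routes a query to the authority whose zone is the longest suffix of the name."""
    def __init__(self, authorities):
        self.authorities = authorities      # zone -> Authority
    def resolve(self, name, now):
        zones = [z for z in self.authorities if name == z or name.endswith("." + z)]
        if not zones:
            raise KeyError(name)
        return self.authorities[max(zones, key=len)].resolve(name, now)


class Cache:
    """Second class of participant: keeps answers for local use, never past the holder's expiry."""
    def __init__(self, upstream):
        self.upstream = upstream            # another Cache or the Hierarchy
        self.store = {}                     # name -> (value, expires_at)
    def resolve(self, name, now):
        hit = self.store.get(name)
        if hit is not None and hit[1] > now:
            return hit                      # still inside the authority-limited lifetime
        value, expires_at = self.upstream.resolve(name, now)
        self.store[name] = (value, expires_at)  # expiry passes down the cache chain unchanged
        return value, expires_at


def demo():
    """Two-level cache chain (per-host -> site-wide -> authorities) on constructed data."""
    auth = {"example": Authority("example", {"www.example": ("192.0.2.10", 60)}),
            "corp.example": Authority("corp.example", {"mail.corp.example": ("192.0.2.25", 5)})}
    local = Cache(Cache(Hierarchy(auth)))
    a0 = local.resolve("www.example", now=0)     # miss everywhere, authority answers
    a1 = local.resolve("www.example", now=30)    # served from cache, same expiry
    a2 = local.resolve("www.example", now=61)    # expired, re-queried
    local.resolve("mail.corp.example", now=0)    # longest-suffix routing picks corp.example
    return a0, a1, a2, auth["example"].queries, auth["corp.example"].queries
```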
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography