[146753] in cryptography@c2.net mail archive
Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
daemon@ATHENA.MIT.EDU (David Mercer)
Sat Sep 7 16:14:05 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <522AEF9C.5010801@iang.org>
Date: Sat, 7 Sep 2013 12:44:18 -0700
From: David Mercer <radix42@gmail.com>
To: ianG <iang@iang.org>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Sat, Sep 7, 2013 at 2:19 AM, ianG <iang@iang.org> wrote:
> On 7/09/13 10:15 AM, Gregory Perry wrote:
>
>> Correct me if I am wrong, but in my humble opinion the original intent
>> of the DNSSEC framework was to provide for cryptographic authenticity
>> of the Domain Name Service, not for confidentiality (although that
>> would have been a bonus).
>
> If so, then the domain owner can deliver a public key with authenticity
> using the DNS. This strikes a deathblow to the CA industry. This threat
> is enough for CAs to spend a significant amount of money slowing down its
> development [0].
>
> How much more obvious does it get [1] ?
>
> iang
>
I proposed essentially this idea around 10 years ago on the capabilities
list, using custom TXT records and some hackish things that are/were
sub-optimal due to DNSSEC being more of a pipedream then than it is now to
deliver public keys for any arbitrary purpose. I only went so far as to
kick around design ideas on and off-list back then under the tag-line of
objectdns (as in being able to locate and connect to any arbitrary object
via a public key crypto connection) and registering the domain objectdns.com.
Things stalled out there due to my lack of copious free time.
David Mercer - http://dmercer.tumblr.com
IM: AIM: MathHippy Yahoo/MSN: n0tmusic
Facebook/Twitter/Google+/Linkedin: radix42
FAX: +1-801-877-4351 - BlackBerry PIN: 332004F7
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography