If Brexit happens, every Brit with a .eu domain will probably lose it [German article, via @sl007] https://www.heise.de/newsticker/meldung/Brexit-eu-Domaininhabern-drohen-Komplikationen-4294380.html
Oh hi yes hello, have we talked yet about why DNS is bad and we shouldn't be relying on it for our decentralized networks?
2) The reason DNS/SSL are so hard is *because* of the coordination with central authorities.
3) If your address was your key fingerprint, no need for a CA; you already know how to make a secure connection (why .onion does not need https)
4) SSL CAs are as weak as the *weakest* CA in your CA list. It only takes one badly acting CA for you to be man in the middled.
5) DNS and SSL CAs centralize the otherwise decentralized fediverse.
Down with DNS, down with SSL CA cartels.
@tomas which is to say, we can get rid of the root zone and have a good naming system, but then it won't be human meaningful on its own (time for petnames!)
@cwebber @sl007 If only we had a robust, reusable DHT infrastructure & libraries. Tor seems to be the only thing going at the moment; Telehash looks abandoned, and services like Twister are using their own modified versions of the Bitcoin codebase that probably won't scale or stand up to any kind of attack.
@cwebber I have some ideas for superseding keys in the case of revocation, upgrade, etc.
@cwebber I don't understand much about the details of DNS and security certificates, but I do know that I don't like the process of obtaining them.
Currently, I try to avoid renting domains, but sometimes I need to and use Let's Encrypt certificates.
So yeah! Off with their heads! 👨‍🌾
I wonder if https://www.handshake.org/ will help on this...
@cwebber @ng0 I would be very interested to read your critique on GNS. If you don't want to do a whole write-up, you could just send a mail to https://lists.gnu.org/mailman/listinfo/gnunet-developers
@ng0 I don't mind self-promotion :)
Actually, I've been wanting to try GNUnet for a long time, but haven't had the time to do so.
About the SSL, I agree the whole process is too much when all you want is to encrypt your traffic.
But the idea of having CAs that are authenticating the website as belonging to the right company/individual is difficult without centralisation and trusting that/those central authorities.
Sure, we could build a web of trust, but that will still be centralized in the end.
Exactly! This is why we need a decentralized type of DNS that *we* can control. But how? I recall reading that you couldn't have it all: meaningful, decentralized, and some other thing... I forgot the rest.
Where to put such a directory? Will a DHT be enough?
Maybe fully distributed is too hard of a goal and we should just aim for decentralized, with supernodes and all that?
Then it looks like a chicken and egg problem...
@tomas yeah! I remember feeling like "whoa" when that sank in