So the government of Kazakhstan is MITM'ing all SSL'ed traffic https://lobste.rs/s/uqj8nq/mitm_on_all_https_traffic_kazakhstan#c_0boxyk
The way they are doing this is by adding a Certificate Authority (CA) that allows them to snoop all traffic.
This is, by the way, why SSL is criticized as being "only as secure as the weakest CA in your system". Here it's deliberate, but that's a problem in general.
It would be better if the internet were modeled off of something like Tor .onion services, where you *know* you have a secure path, because the address is literally the fingerprint of the server. "But how can I make sense of which site is which?" You guessed it, petnames https://github.com/cwebber/rebooting-the-web-of-trust-spring2018/blob/petnames/draft-documents/making-dids-invisible-with-petnames.md
And, bookmarks *are* petnames, with a minor UI tweak https://www.w3.org/2005/Security/usability-ws/papers/02-hp-petname/
The DNS + SSL CA model puts users at risk. I hope we can move past it.
@cwebber I already use pet names in my hosts file just to make typing long names easier so it's not like this is some crazy outlandish idea either! :)
@stevenroose Doesn't work IMO. It's heavy and it has all the problems of people trying to snatch up a global namespace as fast as possible. It also has all the phishing problems of DNS (paypal.com vs paypa1.com).
Petname systems are a better decentralized system.
@rumblestiltskin @stevenroose @cwebber Suggested petnames need to propagate along trust paths. "Community" is rarely actually an actual community, because in a real community you'd know not to trust something inserted by some newcomer.
With Namecoin you have most of the problems of DNS plus the problem of someone being able to lose their keys unrecoverably. At least with DNS there are legal remedies.
@cwebber @stevenroose @rumblestiltskin I guess you could use multisig and/or Shamir secret sharing for recovery in the case of stolen or lost keys in Namecoin, but that doesn't solve the real estate hoarding/squatting issue. Personally I don't see that as as much of a problem as the fact that names are *expected* to change hands, though, whereas *you* control what your pet names refer to.
@stevenroose @cwebber @rumblestiltskin If you want to be able to direct people to things in a way they can remember you need some set of well-known, trusted starting points. UUCP worked this way, for example. AOL keywords are another example. This is done now with FB, Twitter, etc. Having more than one name doesn't seem to present much of a problem.
@rumblestiltskin @cwebber @stevenroose People even use Google searches for this, but that's a terrible idea, because there's no way to predict what'll be stable, so that's just another land grab. Google could offer a naming service if they wanted, and they may as part of their effort to get rid of URLs. Of course they'll do it in a way that benefits them and gives no control to the user.
@rumblestiltskin @cwebber @stevenroose I wasn't suggesting them specifically, just using them as examples. The point is that they compete, and most people use more than one. Where the example falls down is that most of these are expected to be used as the only way to get there, whereas if your actual long-term identifier people bookmark isn't dependent on a naming system, it does way less damage if you lose a name.
@stevenroose @cwebber @rumblestiltskin You can still lose the key to a cryptographic identifier, of course. "Public" sites that can't easily establish 2-way links for adding redundant identifiers (a.k.a's) should invest in not doing that. Individuals and smaller sites can spread their "identities" across multiple devices and rely on their trusted contacts to help with revocation and supercession.
@rumblestiltskin @cwebber @stevenroose Of course it does. That's the point of Zooko's triangle. Globally unique. Human meaningful. Decentralized. Pick two. The complement is: pet names, a naming authority (even if it's a blockchain), or self-certifying cryptographic identifiers. Pick one from that set.
@cwebber I've started working on the design for a system that uses pet names and Tor hidden services for asynchronous long-form messaging (i.e. email) and would love to get feedback from you once I have something closer to a coherent design. I'm considering the .onion addresses to be just the transport layer rather than a secure identifier; that part will be handled by relatively disposable Ed25519 keys that'll work like canary email addresses for initial contact.
@cwebber ipfs is almost there to solve everything expect the name system. not sure if that's"good enough"