So the government of Kazakhstan is MITM'ing all SSL'ed traffic lobste.rs/s/uqj8nq/mitm_on_all

The way they are doing this is by adding a Certificate Authority (CA) that allows them to snoop all traffic.

This is, by the way, why SSL is criticized as being "only as secure as the weakest CA in your system". Here it's deliberate, but that's a problem in general.

It would be better if the internet were modeled off of something like Tor .onion services, where you *know* you have a secure path, because the address is literally the fingerprint of the server. "But how can I make sense of which site is which?" You guessed it, petnames github.com/cwebber/rebooting-t

And, bookmarks *are* petnames, with a minor UI tweak w3.org/2005/Security/usability

The DNS + SSL CA model puts users at risk. I hope we can move past it.

@cwebber I already use pet names in my hosts file just to make typing long names easier so it's not like this is some crazy outlandish idea either! :)

@stevenroose Doesn't work IMO. It's heavy and it has all the problems of people trying to snatch up a global namespace as fast as possible. It also has all the phishing problems of DNS (paypal.com vs paypa1.com).

Petname systems are a better decentralized system.

@cwebber @stevenroose
I think any community curated directories will have the phishing issues and the politics of snatching up namespaces. Namecoin does present a non-political solution to community curated directories.

@rumblestiltskin @stevenroose @cwebber Suggested petnames need to propagate along trust paths. "Community" is rarely an actual community, because in a real community you'd know not to trust something inserted by some newcomer.

With Namecoin you have most of the problems of DNS plus the problem of someone being able to lose their keys unrecoverably. At least with DNS there are legal remedies.

@cwebber @stevenroose @rumblestiltskin I guess you could use multisig and/or Shamir secret sharing for recovery in the case of stolen or lost keys in Namecoin, but that doesn't solve the real estate hoarding/squatting issue. Personally I don't see that as as much of a problem as the fact that names are *expected* to change hands, though, whereas *you* control what your pet names refer to.

@freakazoid @stevenroose @cwebber The problem with you controlling what your pet names refer to is that the names are not global. It would be more difficult for a new project/app/website to direct you to their content if they aren't even sure the link they give will get you there.

@rumblestiltskin @cwebber @stevenroose You don't use pet names for giving people links. You use pet names for finding stuff you've seen before and for knowing when you're interacting with something you've interacted with before.

@stevenroose @cwebber @rumblestiltskin If you want to be able to direct people to things in a way they can remember you need some set of well-known, trusted starting points. UUCP worked this way, for example. AOL keywords are another example. This is done now with FB, Twitter, etc. Having more than one name doesn't seem to present much of a problem.

@rumblestiltskin @cwebber @stevenroose People even use Google searches for this, but that's a terrible idea, because there's no way to predict what'll be stable, so that's just another land grab. Google could offer a naming service if they wanted, and they may as part of their effort to get rid of URLs. Of course they'll do it in a way that benefits them and gives no control to the user.

@freakazoid @stevenroose @cwebber It would seem to me that using AOL, Google, FB or Twitter is exactly the kind of centralisation we are hoping to move away from.

@rumblestiltskin @cwebber @stevenroose I wasn't suggesting them specifically, just using them as examples. The point is that they compete, and most people use more than one. Where the example falls down is that most of these are expected to be used as the only way to get there, whereas if your actual long-term identifier people bookmark isn't dependent on a naming system, it does way less damage if you lose a name.

@stevenroose @cwebber @rumblestiltskin You can still lose the key to a cryptographic identifier, of course. "Public" sites that can't easily establish 2-way links for adding redundant identifiers (a.k.a.'s) should invest in not doing that. Individuals and smaller sites can spread their "identities" across multiple devices and rely on their trusted contacts to help with revocation and supersession.

@rumblestiltskin @cwebber @stevenroose Anyway, I'm writing up a design doc for the full experience I'm envisioning and will share it once I have something coherent. Then we won't be comparing things with real-life practical implementations to something I don't even have written down in one place.

@stevenroose @rumblestiltskin @cwebber Ok, this has already waited too long; I'll get something up today rather than waiting to have infrastructure set up on baud0.org.

@freakazoid @stevenroose @cwebber So more like managing your own hostname file on Linux? Doesn't that break the global property of Zooko's triangle?

@rumblestiltskin @cwebber @stevenroose Of course it does. That's the point of Zooko's triangle. Globally unique. Human meaningful. Decentralized. Pick two. The complement is: pet names, a naming authority (even if it's a blockchain), or self-certifying cryptographic identifiers. Pick one from that set.

@stevenroose @cwebber @rumblestiltskin Of course, you will almost always want to combine more than one, which in this case is pet names referring to self-certifying cryptographic identifiers.
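As an added example (not code from anyone in this thread), here is a small Python petname store that ties the original post's "bookmarks are petnames" idea to the point just above that pet names should refer to self-certifying identifiers. The identifier derivation (base32 of a SHA-256 hash of the public key, loosely modelled on how a .onion name commits to its key) and the sample key bytes are constructed stand-ins, not a real protocol.

```python
# Added example, not from the thread. Derivation scheme and keys are
# constructed for illustration only.
import base64
import hashlib


def self_certifying_id(pubkey: bytes) -> str:
    """Derive an address that commits to the key, as a .onion name does."""
    digest = hashlib.sha256(pubkey).digest()
    return base64.b32encode(digest[:20]).decode().lower()


class PetnameStore:
    """Each user keeps their own mapping; nothing here is global."""

    def __init__(self):
        self._names = {}  # petname -> self-certifying identifier

    def bookmark(self, petname: str, pubkey: bytes) -> str:
        ident = self_certifying_id(pubkey)
        self._names[petname] = ident
        return ident

    def resolve(self, petname: str):
        return self._names.get(petname)

    def verify_peer(self, petname: str, presented_pubkey: bytes) -> bool:
        """True only if the peer presents the key bookmarked earlier.
        No CA is consulted, so a root injected into the OS trust store
        gives an interposer nothing to work with at this layer."""
        expected = self._names.get(petname)
        return expected is not None and self_certifying_id(presented_pubkey) == expected


# Constructed sample keys (stand-ins for real Ed25519 public keys).
BANK_KEY = b"constructed-bank-ed25519-pubkey-0001"
MITM_KEY = b"constructed-interposer-pubkey-0002"


def demo():
    alice = PetnameStore()
    bob = PetnameStore()
    alice.bookmark("my bank", BANK_KEY)
    bob.bookmark("my bank", MITM_KEY)  # Bob's "my bank" is some other site
    return {
        "genuine": alice.verify_peer("my bank", BANK_KEY),      # True
        "interposed": alice.verify_peer("my bank", MITM_KEY),   # False
        "not_global": alice.resolve("my bank") != bob.resolve("my bank"),  # True
        "unknown": alice.verify_peer("paypa1", MITM_KEY),       # False
    }
```

The "not_global" result is Zooko's triangle in action: the same petname resolves differently in two stores, which is exactly the property given up in exchange for user control.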

@cwebber I've started working on the design for a system that uses pet names and Tor hidden services for asynchronous long-form messaging (i.e. email) and would love to get feedback from you once I have something closer to a coherent design. I'm considering the .onion addresses to be just the transport layer rather than a secure identifier; that part will be handled by relatively disposable Ed25519 keys that'll work like canary email addresses for initial contact.

@cwebber ipfs is almost there to solve everything except the name system. not sure if that's "good enough"
