registrars and certificate authorities are not centralized #12

Open
lchasen opened this issue Oct 27, 2015 · 2 comments

lchasen commented Oct 27, 2015

re: authorities-vs-Peers: pain points in security.md
cc: @ChristopherA

The first sentence of the first paragraph states, "DNS Registrars and Certificate Authorities (CAs) offer examples of centralized authorities of trust on the Internet"

A meta point ... Registrars and CAs are not really centralized.

In the DNS world: Anybody can be a registrar or CA if they want to be. Registries are centralized over a particular namespace. ICANN is centralized over the so-called root namespace. Technically anybody can create any namespace, alt-root, they want.

In the CA world: AFAIK Certificate Authorities are actually less centralized than DNS. I am not aware of an equivalent to ICANN in the certificate space. Anybody can create certificates. The question is how you get it trusted by the entities that need/want it. Getting it trusted by browsers can be difficult and costly ... don't know if that is bad. I think it can be argued that because it is so easy to become a CA and there is no oversight, bad actors come about more often. This is a big problem.

@jimscarver

I think the point here is that Registrars, CAs and DNS are not really DEcentralized in practice. The issue is how we set up a Web of Trust Registrar, CA and DNS.

I've registered a bunch of .bit blockchain domains. But name services do not support it. In order to enable the web of trust we must use name services that follow individual users' rules rather than risk trusting services of those not having their interest in mind. Such services are one of the FreeTrust.org listed minimum viable products (https://docs.google.com/document/d/1Sft2Reb76oI-L_3oSAiwP9c-qSN1SuL38z9VCpKWaq4/edit#heading=h.d8cs59srr0md) being considered.

I am just learning what is happening here but hope to get involved.

Best, Jim



lchasen commented Oct 27, 2015

I agree on the goal … but I think it is important to recognize what parts of the existing ecosystem are really centralized and which parts are not. These folks are just actors playing in a community that formed with particular rules of the road, both formal and informal, that have come about over the years. The rules in place were not necessarily purposefully put in place; rather, the ecosystem formed.

In this new decentralized, commons-based world we envision, there will also be various players, some similar in nature to registrars and CAs and other players in the internet, that all have agendas of varying degrees. I think the goal is to come up with a decentralized ecosystem that, based on incentives, encourages good behavior with less centralized oversight. To get there, IMHO, we need to recognize who all the actors are in the centralized version we want to replace. I think the decentralized world will end up with similar actors.
