STEED - Usable end-to-end encryption
marcus.brinkmann at ruhr-uni-bochum.de
Thu Oct 20 04:16:01 CEST 2011
thanks for your feedback.
On 10/19/2011 09:30 PM, Peter Lebbing wrote:
> However, I think you're not ambitious enough when you opt for using DNS for key
> distribution. Yes, the infrastructure and RR types are already there. But it
> brings this nasty dependency on the provider. Because the part of the client
> updates to the DNS is a key missing part in the DNS infrastructure as today, and
> I don't see providers adding that soon.
You are right that it is a challenge to get the support in the providers, but
note that changes in the mail client are required anyway. Sure, changing the
client and changing the DNS infrastructure are two different kind of beasts,
but we probably can not do without the providers completely if we want
> I'm thinking more of things like DHT, Distributed Hash Tables, in BitTorrent, or
> similar concepts in other peer-to-peer networks. I have no idea how it works :),
> but it does. You fire up your BitTorrent, all the data it needs is the hash of a
> torrent file, and suddenly it learns IP-addresses of other people who share that
> torrent file. If you could do something similar for mapping e-mail addresses to
> certificates, you don't need ISP's to implement extra stuff. Because I think
> that is a really major hurdle; probably a too steep one, IMHO.
Yes, P2P networks are great, let's do more of those. But why stop at
certificates? Just use a P2P network for all of DNS.
See what happened? I just turned it around. :)
The paper notes how we can utilize DNSSEC to strengthen our trust model.
Similarly, we can utilize a P2P based DNS system. Now instead of one problem,
we got two :)
P2P systems are tricky to get right, and have their own tradeoffs. Also,
while acceptance for our proposal among service providers will be tough to
get, I'd expect that getting acceptance for a P2P based system would be even
harder. A lot of things have to fall into place to make a P2P network a
viable alternative, and not all of them are technical.
More information about the Gnupg-devel