[Freedombox-discuss] Establishing Communication between Freedomboxes

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jul 7 17:51:12 UTC 2011


On 07/07/2011 01:27 PM, Bjarni Rúnar Einarsson wrote:
> Contrasting this with the GPG/keyserver idea, I'd like to point out that DNS
> is already a highly distributed scalable system with a global selection of
> providers already in place.  The keyservers are relatively centralized and
> fragile by comparison, and it's not obvious that relying on them would scale
> to the numbers that the FreedomBox hopes to reach.

The above paragraph doesn't agree with my understanding of the terms
you're using.

DNS itself is highly centralized: the controllers of the root zone are
capable of doing arbitrary damage to the entire tree.  Its
implementation is distributed, because sub-trees are managed by
independent entities.  But that just means that for the hostname
foo.example.com, there are several hierarchical entities that can fully
compromise any RR associated with the name:

 * the root zone maintainer
 * the .com zone maintainer
 * the example.com zone maintainer

DNS requires *all* of these parties to resist infiltration and pressure
from an adversary for foo.example.com to remain intact.

OpenPGP keyservers act as a gossiping cloud -- no one keyserver is "the
most up-to-date" at any point.  The only way that they're centralized is
that we currently access them through DNS.  Indeed, the worst problems
we've had with the global keyserver network recently stem from DNS
centralization (the sks-keyservers.net DNS zone became unresponsive
while its maintainer was afk), *not* keyserver centralization.

I'm not claiming that SKS or the OpenPGP keyserver model is a panacea.
It certainly brings with it its own problems.  But it is definitely
*not* centralized compared to DNS.

	--dkg
