[Freedombox-discuss] Establishing Communication between Freedomboxes

Bjarni Rúnar Einarsson bre at pagekite.net
Thu Jul 7 18:43:06 UTC 2011


On Thu, Jul 7, 2011 at 5:51 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:

>
> OpenPGP keyservers act as a gossiping cloud -- no one keyserver is "the
> most up-to-date" at any point.  The only way that they're centralized is
> that we currently access them through DNS.  Indeed, the worst problems
> we've had with the global keyserver network recently stem from DNS
> centralization (the sks-keyservers.net DNS zone became unresponsive
> while its maintainer was afk), *not* keyserver centralization.
>

Most of what you said about DNS was true - given a very powerful adversary
and naive use of the DNS system: if all dissidents register as
person.dissident.org, they are trivially attacked.

However, if 100 dissidents use 10000 different TLDs from 1000 different DNS
providers, shared with millions of legitimate users who would complain if
things broke - then things become quite different.  All those high-profile
choke-points you pointed out are recognized and well understood, and well
defended as well.  They can be compromised, but it requires a powerful
adversary and would be global, politically charged news the moment it
happened. I suspect a great many countries would react quite badly if the
root started directly interfering with country TLDs.  DNS is distributed in
more ways than just the protocol.

By contrast, I am guessing (just guessing!) that the keyserver network could
probably be DDOS'ed off the map by a moderately sized botnet.  And it would
be gossip-section news, not the front page of the New York Times.  Boosting
it to support the load of millions of FreedomBoxes' traffic, in addition to
hardening it against malicious attacks, is certainly possible, but I doubt
it's trivial.

But anyway, you just circled back on yourself and pointed out that the
keyserver network itself relies on DNS anyway. :-)

-- 
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: http://pagekite.net/