
[Freedombox-discuss] Distributed Naming BOF Questions



On 08/04/2011 11:24 PM, John Walsh wrote:

> If, the FBX does issue domain names it could reduce the attack surface by
> picking a single TLD 

hm.  this would be either "reducing the attack surface" or "maximizing
the value of the target".

That is, if all freedomboxes used DNS names hosted in some subzone of
example.org, then a malicious adversary would need to lean on either:

 * the root zone operator
 * the .org zone operator, or
 * the .example.org zone operator

once they did this, they could control *every* freedombox.  I'm not
convinced this is a win. :(

> Again if the FBX does issue domain names can't the foundation pick a host
> that uses DNSSEC effectively, or does every host have to use DNSSEC for it
> to be effective?

For DNSSEC to be cryptographically effective,

 0) every zone used needs to be signed properly, and publish signing keys
for its subzones
 1) every named host needs to have key material published for that host
(via e.g. DANE or sshfp records) in DNS
 2) every *client* needs to actually check every DNSSEC signature and
verify it properly (this means recursive verification back to
widely-published, pre-seeded root zone signing keys)

IMHO, part (2) is the hard part.  it's certainly the part that is
farthest from completion today.

Note that even if this is all done, DNS is still vulnerable to the
points of centralized control i described above.

> IMHO, I don't think we can stop feeding our personal data and relationship
> information back into the existing system, because unfortunately, we will
> not be able to get *all* our family and friends on an FBX.

there are network effects at work here (if all *their* family and
friends are using this alternate infrastructure, they'll have incentive
to switch themselves), and this doesn't need to be an all-or-nothing thing.

But we do need to find ways we can help people cut down on the amount of
information they feed to the surveillance regime, or else the project
will end up being just pretty window-dressing, and might actually
increase surveillance and repression.  That would be a sad outcome.

Regards,

	--dkg
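The three requirements above, and the centralisation caveat, modelled in Python as an added example that is not part of the original thread or of FreedomBox itself. The zone names, key material and fingerprint strings are constructed for the example; signatures are unpadded textbook RSA over fixed Mersenne primes so it runs offline on the standard library, whereas real DNSSEC uses random, padded RSA/ECDSA/EdDSA keys and the DNSKEY/DS/RRSIG wire formats, none of which are reproduced here. The validator walks from a pre-seeded root key down to a host's SSHFP record and refuses anything it cannot chain back to that anchor; the last scenario shows why a fully validated answer is still only as trustworthy as every operator above it in the tree.

```python
"""Toy DNSSEC chain-of-trust model (constructed example, not FreedomBox code)."""
import hashlib

E = 65537
_MP = [(1 << k) - 1 for k in (61, 89, 107, 127)]   # Mersenne primes: toy key material
_PAIRS = [(0, 1), (1, 2), (2, 3), (0, 3)]          # which two primes key i uses

def make_key(i):
    """Toy textbook-RSA key number i (0..3): returns (public (n, e), private d)."""
    p, q = _MP[_PAIRS[i][0]], _MP[_PAIRS[i][1]]
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

def _digest(data):
    # 128-bit truncation keeps the value below every toy modulus (all >= 2^149)
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def sign(priv, pub, data):
    return pow(_digest(data), priv, pub[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _digest(data)

def ds_of(pub):
    """What a parent publishes in its DS record: a hash of the child's key."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()

def _rr_bytes(owner, rtype, rdata):
    return f"{owner}|{rtype}|{rdata}".encode()

class Zone:
    """One zone, one key; rrsets map (owner, rtype) -> (rdata, rrsig or None)."""
    def __init__(self, name, key_index, signed=True):
        self.name, self.signed, self.rrsets = name, signed, {}
        self.pub, self.priv = make_key(key_index)

    def publish(self, owner, rtype, rdata):
        data = _rr_bytes(owner, rtype, rdata)
        sig = sign(self.priv, self.pub, data) if self.signed else None   # point (0)
        self.rrsets[(owner, rtype)] = (rdata, sig)

def zone_path(zones, owner):
    """Zones a validator must traverse, root first, to reach `owner`."""
    labels, path = owner.rstrip(".").split("."), ["."]
    for i in range(len(labels) - 1, -1, -1):
        name = ".".join(labels[i:]) + "."
        if name in zones:
            path.append(name)
    return path

def validate(zones, trust_anchor, owner, rtype):
    """Point (2): a client checks every link back to the pre-seeded root key.
    Returns (True, rdata) or (False, reason)."""
    if zones["."].pub != trust_anchor:
        return False, "root DNSKEY does not match the pre-seeded trust anchor"
    key, path = trust_anchor, zone_path(zones, owner)
    for parent, child in zip(path, path[1:]):
        rdata, sig = zones[parent].rrsets.get((child, "DS"), (None, None))
        if sig is None:
            return False, f"{parent} publishes no signed DS for {child}"
        if not verify(key, _rr_bytes(child, "DS", rdata), sig):
            return False, f"bad RRSIG on the DS for {child} in {parent}"
        if ds_of(zones[child].pub) != rdata:
            return False, f"DNSKEY of {child} does not match its DS"
        key = zones[child].pub          # descend one level with the child's key
    rdata, sig = zones[path[-1]].rrsets.get((owner, rtype), (None, None))
    if sig is None:
        return False, f"{owner} {rtype} is unsigned"
    if not verify(key, _rr_bytes(owner, rtype, rdata), sig):
        return False, f"bad RRSIG on {owner} {rtype}"
    return True, rdata

def build_tree(example_org=None, sshfp="4 2 <constructed fingerprint of box1 key>"):
    """root -> org -> example.org -> box1, publishing the host key of point (1)."""
    root, org = Zone(".", 0), Zone("org.", 1)
    ex = example_org or Zone("example.org.", 2)
    ex.publish("box1.example.org.", "SSHFP", sshfp)
    if ex.signed:                       # an unsigned child gets no DS from its parent
        org.publish("example.org.", "DS", ds_of(ex.pub))
    root.publish("org.", "DS", ds_of(org.pub))
    return {z.name: z for z in (root, org, ex)}, root.pub

def scenario_honest():
    zones, anchor = build_tree()
    return validate(zones, anchor, "box1.example.org.", "SSHFP")

def scenario_tampered_in_transit():
    zones, anchor = build_tree()
    _, sig = zones["example.org."].rrsets[("box1.example.org.", "SSHFP")]
    zones["example.org."].rrsets[("box1.example.org.", "SSHFP")] = ("4 2 <altered>", sig)
    return validate(zones, anchor, "box1.example.org.", "SSHFP")

def scenario_unsigned_zone():
    zones, anchor = build_tree(Zone("example.org.", 2, signed=False))
    return validate(zones, anchor, "box1.example.org.", "SSHFP")

def scenario_captured_parent():
    """The .org operator is leaned on: it publishes a DS for a key it does not
    control and serves a replacement example.org. Every signature verifies, so
    the client accepts the replacement host key: the centralisation caveat."""
    zones, anchor = build_tree(Zone("example.org.", 3), "4 2 <replacement fingerprint>")
    return validate(zones, anchor, "box1.example.org.", "SSHFP")

if __name__ == "__main__":
    for s in (scenario_honest, scenario_tampered_in_transit,
              scenario_unsigned_zone, scenario_captured_parent):
        print(f"{s.__name__:28} -> {s()}")
```

The tampered and unsigned cases fail closed, which is what "cryptographically effective" demands of the client; the captured-parent case succeeds precisely because the validator did its job, which is why the message treats a single shared TLD as concentrating the target rather than shrinking it.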
