On Mon, 2010-12-06 at 14:23 -0800, David Barrett wrote:

But any real system needs some ability for *somebody* to revoke/change the mapping (eg, if a trademark violation in the jurisdiction of the TLD owner), so any real system is no better than the current one in terms of defense against government seizure.

Agreed, FWIW. It's not the place of DNS to try to defend against government seizure. What we need to be preventing is criminal authentication fraud -- that is, when someone follows a false DNS record and winds up at a site that pretends to be the registrant's site, but which is not in fact controlled by the registrant. At this point every spammer and malware author in the world has a CA root key or two; and the CA's themselves never check crap, they just collect the money and sign whatever for whoever. And DNS nodes often accept "updates" that originate with criminals rather than registrants, and cannot be traced - so the extant authentication mechanisms are deeply broken. It's hard to imagine a proper fix that will work for the people and institutions whose cooperation would be required to implement it. Bear _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE