[EURO-Discuss] Short bio for the election of the Euralo representatives to the ALAC

JFC Morfin jefsey at jefsey.com
Sun Aug 31 13:00:23 EDT 2008


At 17:15 31/08/2008, Patrick Vande Walle wrote:
>Security is not only a bunch of smart shell scripts around openssl or
>dnssec-signzone. It is first and foremost how clearly identifiable you
>are in the real world and what credit you get from others. Users both
>large and small are less concerned with the company's technical ability
>than by its toll-free number for complaints and the office address where
>they can send their lawyer letters.

This is a first point.


Second point should be that security should be simpler, cheaper and 
more robust.

As often with the Internet, one adds an option to patch a missing part. 
Here, like in IDNs, the presentation layer is missing. Question: is 
there a way to simply (hence architecturally) build a secure 
Internet? I think there is one as a ONES (open network extension 
system, i.e. in using an OPES underlying system). But this needs to 
be really investigated and the WG-OPES was closed when we could have 
started discussing it. Not yet in the IETF thinking paradigm. But 
that could probably be implemented as an Internet Plus recipe?


Third and more important mid-term point.

Secured relations are of the essence in the Inter Semantic network 
usage. More and more facilitation technologies will evolve towards 
networking as a replacement of writing or showing human utterances 
(certainly within less than 10 years). Semantic addressing is the 
simple way we say today "dnssec as I think it is" which will be 
translated to "dnssec.jefsey.com" that your computers can compare 
with dnssec.vande-walle.eu and dnssec.thur.de to try to propose us a 
consensual synthesis.


Is that a dream?

I am working on an IETF Draft on Semantic Addressing, so I am 
interested (similar but interactive and much more common than URI). 
The semiotical maieutics for our fellow servers to datamine/interview 
our brains is something separate that advances well in parallel. We 
have used it for years for simple issues (like psychological tests, school 
quizzes, etc.). This means that a security-oriented architectural shift 
of the Internet is necessary and therefore financially acceptable 
once properly documented (it does not always mean a technology 
shift, but a vision shift).

Example. Before trusting any Private Key Institutions, we need to 
trust the concept and the network. Are Base64 keys secure enough? Is 
the Internet credible the way it is organised?  As you say, we, 
people, tend to love what is clearly identifiable. When we ask for a 
toll-free number, we want to know where the toll-free number operator 
is located in order to qualify the answers we get. We trust car plates 
and telephone numbers more than domain names because we know they are 
publicly displayed, related to something everyone knows (geography), 
in a way many will therefore perceive the possible conflicts (hence 
frauds or mistakes). There is a kind of built-in simple FEC (Forward 
Error Correction) in telephone numbers. If you want to call someone 
in the USA you know that "44" is not the correct header. You know 
your area code and you know if a number is local. These simple things 
the Internet misses have helped protect us so far.

>However, I still stand by my original position that domain name system
>is designed to translate strings of characters into IP addresses. This
>was the spirit of RFC882. It was designed to be a system where updates
>were not frequent. Caching and secondary name servers can provide an
>answer that may not be in sync with the primary. I do not really see how
>the DNS could handle the responsiveness needed for revocation of keys.

I agree with you about the "DNS". But DNS is just a DDDS application. 
DDDS (RFC 3401 > 3405) are "Dynamic Delegation Discovery Systems". 
They are "used to implement lazy binding of strings to data, in order 
to support dynamically configured delegation systems. The DDDS 
functions by mapping some unique string to data stored within a DDDS 
Database by iteratively applying string transformation rules until a 
terminal condition is reached.".  DDDS may have many applications 
(ontologies, multi-consensus building, documentation, 
classifications, e-mails, etc.) and should be worked on (also in ISO 
11179 context of metadata registries).


DDDS and DNS

I think we should reconsider the DNS as a DDDS application, after 
having seriously worked on DDDS. The interest is that the DNS being a 
DDDS, backward compatibility should be protected. Let us imagine an ISO 
11179 conformant secure DDDS supporting a CVS. The problem with the 
DNS (IMHO) is that it's a kind of "proprietary" development (filled 
with specific short-cuts and lacking hooks and proven extensions) and 
not a standard application of a known architecture supported by a 
competitive market. DNS has shown that the concept can be used in 
many areas. The concept. I fully agree: not the current implementation.

However, if you consider DDDS, you see that the way IETF has defined 
them so far is a good start. Yet, they cannot depend on external 
parameters (like for example weather, load, warning level, costs, 
etc.) and must be closed "black boxes".  That is too bad, because if 
you consider DDDS carefully you will be surprised how it can be close 
to most of the complex/intelligent thinking, utterance, and biology schemata.

Have a good WE.
jfc
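
The DDDS algorithm quoted in the message above (RFC 3401 to 3405), as an added example that is not part of the original post: a simplified Python model of the iterative rule lookup, with a loop check and step bound so a misconfigured or hostile rule set cannot delegate forever. The rule database, the choice of first well-known rule and the docs.example targets are constructed assumptions.

```python
import re

# Constructed rule database: key -> ordered rules (regex, replacement, terminal).
# Every key, pattern and target below is made up for this illustration.
RULES = {
    "com": [(r"^.*\.(jefsey\.com)$", r"registry.\1", False)],
    "registry.jefsey.com": [
        (r"^dnssec\..*$", "https://docs.example/dnssec", True),
        (r"^(.*)$", r"https://docs.example/other/\1", True),
    ],
}


def first_well_known_rule(aus):
    """Assumed first rule: the last label of the string is the first key."""
    return aus.rsplit(".", 1)[-1]


def resolve(aus, db=RULES, max_steps=8):
    """Return (result, keys_visited) for an Application Unique String.

    Each rule is applied to the original string, as in RFC 3402; a
    non-terminal result becomes the next database key. Revisited keys and
    the step bound stop a looping or hostile rule set.
    """
    key = first_well_known_rule(aus)
    visited = [key]
    for _ in range(max_steps):
        for pattern, replacement, terminal in db.get(key, []):
            match = re.match(pattern, aus)
            if match is None:
                continue
            out = match.expand(replacement)
            if terminal:
                return out, visited
            if out in visited:
                raise LookupError(f"delegation loop at {out!r}")
            key = out
            visited.append(key)
            break
        else:
            raise LookupError(f"no rule matched {aus!r} under key {key!r}")
    raise LookupError(f"no terminal rule within {max_steps} steps")


if __name__ == "__main__":
    print(resolve("dnssec.jefsey.com"))
```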




