[EURO-Discuss] Short bio for the election of the Euralo representatives to the ALAC
JFC Morfin
jefsey at jefsey.com
Sun Aug 31 13:00:23 EDT 2008
At 17:15 31/08/2008, Patrick Vande Walle wrote:
>Security is not only a bunch of smart shell scripts around openssl or
>dnssec-signzone. It is first and foremost how clearly identifiable you
>are in the real world and what credit you get from others. Users both
>large and small are less concerned with the company's technical ability
>than by its toll-free number for complaints and the office address where
>they can send their lawyer letters.
This is a first point.
Second point should be that security should be simpler, cheaper and
more robust.
As often with the Internet, one adds an option to patch a missing part.
Here, like in IDNs the presentation layer is missing. Question: is
there a way to simply (hence architecturally) build a secure
Internet? I think there is one as a ONES (open network extension
system, i.e. in using an OPES underlying system). But this needs to
be really investigated and the WG-OPES was closed when we could have
started discussing it. Not yet in the IETF thinking paradigm. But
that could probably be implemented as an Internet Plus recipe?
Third and more important mid-term point.
Secured relations are of the essence in the Inter Semantic network
usage. More and more facilitation technologies will evolve towards
networking as a replacement of writing or showing human utterances
(certainly within less than 10 years). Semantic addressing is the
simple way we say today "dnssec as I think it is" which will be
translated to "dnssec.jefsey.com" that your computers can compare
with dnssec.vande-walle.eu and dnssec.thur.de to try to propose us a
consensual synthesis.
Is that a dream?
I am working on an IETF Draft on Semantic Addressing, so I am
interested (similar but interactive and much more common than URI).
The semiotical maieutics for our fellow servers to datamine/interview
our brains is something separate that advances well in parallel. We
have used it for years for simple issues (like psychological tests, school
quiz, etc.). This means that a security oriented architectural shift
of the Internet is necessary and therefore financially acceptable
once properly documented (it does not always mean a technology
shift, but a vision shift).
Example. Before trusting any Private Key Institutions, we need to
trust the concept and the network. Are Base64 keys secure enough? Is
the Internet credible the way it is organised? As you say, we,
people, tend to love what is clearly identifiable. When we ask for a
toll-free number, we want to know where the toll-free number operator
is located in order to qualify the answers we get. We trust car plates
and telephone numbers more than domain names because we know they are
publicly displayed, related to something everyone knows (geography),
in a way many will therefore perceive the possible conflicts (hence
frauds or mistakes). There is a kind of built-in simple FEC (Forward
Error Correction) in telephone numbers. If you want to call someone
in the USA you know that "44" is not the correct header. You know
your area code and you know if a number is local. These simple things
the Internet misses have helped protect us so far.
>However, I still stand by my original position that domain name system
>is designed to translate strings of characters into IP addresses. This
>was the spirit of RFC882. It was designed to be a system where updates
>were not frequent. Caching and secondary name servers can provide an
>answer that may not be in sync with the primary. I do not really see how
>the DNS could handle the responsiveness needed for revocation of keys.
I agree with you about the "DNS". But DNS is just a DDDS application.
DDDS (RFC 3401 > 3405) are "Dynamic Delegation Discovery Systems".
They are "used to implement lazy binding of strings to data, in order
to support dynamically configured delegation systems. The DDDS
functions by mapping some unique string to data stored within a DDDS
Database by iteratively applying string transformation rules until a
terminal condition is reached.". DDDS may have many applications
(ontologies, multi-consensus building, documentation,
classifications, e-mails, etc.) and should be worked on (also in ISO
11179 context of metadata registries).
DDDS and DNS
I think we should reconsider the DNS as a DDDS application, after
having seriously worked on DDDS. The interest is that the DNS being a
DDDS, backward compatibility should be protected. Let us imagine an ISO
11179 conformant secure DDDS supporting a CVS. The problem with the
DNS (IMHO) is that it's a kind of "proprietary" development (filled
with specific short-cuts and lacking hooks and proven extensions) and
not a standard application of a known architecture supported by a
competitive market. DNS has shown that the concept can be used in
many areas. The concept. I fully agree: not the current implementation.
However, if you consider DDDS, you see that the way IETF has defined
them so far is a good start. Yet, they cannot depend on external
parameters (like for example weather, load, warning level, costs,
etc.) and must be closed "black boxes". That is too bad, because if
you consider DDDS carefully you will be surprised how it can be close
to most of the complex/intelligent thinking, utterance, and biology schemata.
Have a good WE.
jfc