[
Lists Home |
Date Index |
Thread Index
]
Rich Salz wrote:
>>I cetainly would not accept such an authority. I'd preffer distributed
>>metadata bundled with the subject resources.
>
>
> The problem is trust, from a security/crypto viewpoint. If you have a
> distributed directory (which, I agree, is basically what you want),
He said distributed metadata. You said distributed directory. I'm not
sure if you're talking about the same thing. A WSDL or RDF file on my
server is distributed metadata but it isn't a distributed directory.
> handling trust becomes difficult.
Many people feel otherwise. They feel that the centralization degrades
security because it erects a single point to attack and introduces a
third-party into transactions that would otherwise only involve two.
They also feel that DNS is bad because it is a *centralized* directory:
"The insecure names trap:
1. Assume that you need arbitrary keys including non-self-authenticating
ones.
2. Think about the problem of crossing trust boundaries, and solve by
delegating to a "trusted third party".
3. Forever after you will be vulnerable to
MicrosoftNSIVerisignICANNUSGovInc. and anyone (including their
employees) who can subvert one of their servers. When this bloated
monopoly screws something up, your system will pay the price for their
incompetence. You will not be able to choose a different name authority,
because everyone else will also be tied to the central monopoly and you
will need their service in order to interoperate with the world. (Does
this scenario sound familiar to any sysadmins out there?) In addition,
they will charge you a tax on every packet for the privilege of
continued service."
http://zooko.com/distnames.html
I guess it depends on what you mean by "trust". And that in turn depends
on the problem domain.
Paul Prescod
|