[Cryptography] Why not the DNS? (was Re: Implementations, attacks on DHTs, Mix Nets?)

Jerry Leichter leichter at lrw.com
Wed Aug 28 10:43:24 EDT 2013


On Aug 28, 2013, at 8:34 AM, Perry E. Metzger wrote:

> On Tue, 27 Aug 2013 23:39:51 -0400 Jerry Leichter <leichter at lrw.com>
> wrote:
>> It's not as if this isn't a design we have that we know works:
>> DNS.
Read what I said:  There's a *design* that works.

I never suggested *using DNS* - either its current physical instantiation, or even necessarily the raw code.  In fact, I pointed out some of the very problems you mention.

What defines the DNS model - and is in contrast to the DHT model - is:

- Two basic classes of participants, those that track potentially large amounts of data and respond to queries and those that simply cache for local use;
- Caching of responses for authoritative-holder-limited amounts of time to avoid re-querying;
- A hierarchical namespace and a corresponding hierarchy of caches.

DNS and DNSSEC as implemented assume a single hierarchy, and they map the hierarchy to authority.  These features are undesirable and should be avoided.

                                                        -- Jerry
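The DNS-style model sketched above (two classes of participants, caching bounded by the TTL the authoritative holder sets, a hierarchical namespace with a matching hierarchy of caches) as a toy simulation. This is an added illustration, not code from the post and not any DNS implementation; the `Authoritative`, `CachingResolver` and `FakeClock` classes, the zones, names, addresses and TTLs are all constructed for the example.

```python
"""Toy model of a DNS-style caching hierarchy (added example, not real DNS).

Constructed for illustration: nothing here is wire-compatible with DNS, and all
zone names, addresses and TTLs are made up.
"""
import time


class Authoritative:
    """First class of participant: holds the records for one zone and answers
    queries. The TTL it returns is the holder's limit on how long any cache
    downstream may keep the answer."""

    def __init__(self, zone, records, delegations=None):
        self.zone = zone                                  # "" is the root zone
        self.records = dict(records)                      # name -> (value, ttl_seconds)
        self.delegations = dict(delegations or {})        # child zone -> Authoritative

    def query(self, name):
        if name in self.records:
            value, ttl = self.records[name]
            return ("answer", value, ttl)
        # Hierarchy maps to authority: refer the querier to the most specific
        # child zone that covers the name (longest match first).
        for child in sorted(self.delegations, key=len, reverse=True):
            if name == child or name.endswith("." + child):
                return ("referral", self.delegations[child], None)
        return ("nxdomain", None, 0)


class CachingResolver:
    """Second class of participant: caches answers for local use, never longer
    than the TTL it was handed. It asks either another cache (forwarder) or
    walks the authoritative hierarchy from the root."""

    def __init__(self, root=None, forwarder=None, clock=time.monotonic):
        self.root, self.forwarder, self.clock = root, forwarder, clock
        self.cache = {}             # name -> (value, expires_at)
        self.upstream_queries = 0   # how often we had to leave the cache

    def lookup(self, name):
        """Return (value, remaining_ttl), or (None, 0) when the name is unknown."""
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0], hit[1] - now     # remaining TTL shrinks as it propagates
        self.cache.pop(name, None)          # expired or absent: must re-query
        self.upstream_queries += 1
        if self.forwarder is not None:
            value, ttl = self.forwarder.lookup(name)
        else:
            value, ttl = self._walk_hierarchy(name)
        if value is not None and ttl > 0:
            self.cache[name] = (value, now + ttl)
        return value, ttl

    def _walk_hierarchy(self, name):
        server = self.root
        while True:
            kind, payload, ttl = server.query(name)
            if kind == "referral":
                server = payload                # follow the delegation chain
            elif kind == "answer":
                return payload, ttl
            else:
                return None, 0

    def resolve(self, name):
        return self.lookup(name)[0]


class FakeClock:
    """Controllable clock so TTL expiry can be shown without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def build_example():
    """Constructed hierarchy root -> org -> example.org, one ISP cache that walks
    the hierarchy and one edge cache that forwards to the ISP."""
    example_org = Authoritative("example.org",
                                {"www.example.org": ("192.0.2.10", 60)})
    org = Authoritative("org", {}, {"example.org": example_org})
    root = Authoritative("", {}, {"org": org})
    clock = FakeClock()
    isp = CachingResolver(root=root, clock=clock)
    edge = CachingResolver(forwarder=isp, clock=clock)
    return clock, isp, edge


def demo():
    """Miss everywhere, then edge hit, then hit with shrunken TTL, then expiry."""
    clock, isp, edge = build_example()
    trace = [edge.lookup("www.example.org") for _ in range(2)]
    clock.advance(45)                     # still fresh: 15 s of the 60 s TTL left
    trace.append(edge.lookup("www.example.org"))
    clock.advance(30)                     # t=75 s: past the TTL, both caches refetch
    trace.append(edge.lookup("www.example.org"))
    return trace, edge.upstream_queries, isp.upstream_queries


if __name__ == "__main__":
    print(demo())
```

The two properties worth watching in the trace are that a downstream cache can only ever hand out the remaining TTL, never a fresh one (the authoritative holder's limit survives every hop), and that resolution follows delegations down the name hierarchy, which is exactly the hierarchy-equals-authority coupling the post flags as the feature to avoid.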


