registrars and certificate authorities are not centralized

[lchasen]

re: authorities-vs-Peers: pain points in security.md
cc: @ChristopherA

The first paragraph first sentence states, "DNS Registrars and Certificate Authorities (CAs) offer examples of centralized authorities of trust on the Internet"

A meta point ... Registrars and CAs are not really centralized.

In The DNS world: Anybody can be a registrar or CA if they want to be. Registries are centralized over a particular namespace. ICANN is centralized over the so called root namespace. Technically anybody can create any namespace, alt-root, they want.

In the CA world: AFAIK Certificate Authorities are actually less centralized then DNS. I am not aware of an equivalent to ICANN in the certificate space. Anybody can create certificates. The question is how you get it trusted by the entities that need/want it. Getting it trusted by browser can be difficult and costly ... don't know if that is bad. I think it can be argued that because it is so easy to become a CA and there is no oversight that bad actors come about more often. This is a big problem.

[jimscarver]

I think the point here is that Registrars, CAs and DNS are not really
DEcentralized in practice. The issue is how we set up a Web of Trust
Registrar,
CA and DNS.

I've registered a bunch of .bit blockchain domains. But name services do
not support it. In order to enable the web of trust we must use
name services that follow individual users rules rather than risk trusting
services of those not having their interest in mind. Such services are one
of the FreeTrust.org listed minimum viable products
https://docs.google.com/document/d/1Sft2Reb76oI-L_3oSAiwP9c-qSN1SuL38z9VCpKWaq4/edit#heading=h.d8cs59srr0md
being considered.

I am just learning what is happening here but hope to get involved.

Best, Jim

On Tue, Oct 27, 2015 at 10:48 AM, Les Chasen notifications@github.com
wrote:

re: authorities-vs-Peers: pain points in security.md
cc: @ChristopherA https://github.com/ChristopherA

The first paragraph first sentence states, "DNS Registrars and Certificate
Authorities (CAs) offer examples of centralized authorities of trust on the
Internet"

A meta point ... Registrars and CAs are not really centralized.

In The DNS world: Anybody can be a registrar or CA if they want to be.
Registries are centralized over a particular namespace. ICANN is
centralized over the so called root namespace. Technically anybody can
create any namespace, alt-root, they want.

In the CA world: AFAIK Certificate Authorities are actually less
centralized then DNS. I am not aware of an equivalent to ICANN in the
certificate space. Anybody can create certificates. The question is how you
get it trusted by the entities that need/want it. Getting it trusted by
browser can be difficult and costly ... don't know if that is bad. I think
it can be argued that because it is so easy to become a CA and there is no
oversight that bad actors come about more often. This is a big problem.

—
Reply to this email directly or view it on GitHub
#12.

[lchasen]

I agree on the goal … but i think it is important to recognize what parts of the existing ecosystem are really centralized and which parts are not. These folks are just actors playing in a community that formed with particular rules of the road, both formal and informal, that have come about over the years. The rules in place were not necessarily purposefully put in place rather the ecosystem formed.

In this new decentralized, commons based, world we envision there will also be various players, some similar in nature to registrars and CAs and other players in the internet, that all have agendas of varying degrees. I think the goal is to come up with a decentralized ecosystem that based on incentives encourages good behavior with less centralized oversight. To get there, IMHO, we need to recognize who all the actors are in the centralized version we want to replace. i think the decentralized world will end up with similar actors.

On Oct 27, 2015, at 11:22 AM, jimscarver notifications@github.com wrote:

I think the point here is that Registrars, CAs and DNS are not really
DEcentralized in practice. The issue is how we set up a Web of Trust
Registrar,
CA and DNS.

I've registered a bunch of .bit blockchain domains. But name services do
not support it. In order to enable the web of trust we must use
name services that follow individual users rules rather than risk trusting
services of those not having their interest in mind. Such services are one
of the FreeTrust.org listed minimum viable products
https://docs.google.com/document/d/1Sft2Reb76oI-L_3oSAiwP9c-qSN1SuL38z9VCpKWaq4/edit#heading=h.d8cs59srr0md
being considered.

I am just learning what is happening here but hope to get involved.

Best, Jim

On Tue, Oct 27, 2015 at 10:48 AM, Les Chasen notifications@github.com
wrote:

re: authorities-vs-Peers: pain points in security.md
cc: @ChristopherA https://github.com/ChristopherA

The first paragraph first sentence states, "DNS Registrars and Certificate
Authorities (CAs) offer examples of centralized authorities of trust on the
Internet"

A meta point ... Registrars and CAs are not really centralized.

In The DNS world: Anybody can be a registrar or CA if they want to be.
Registries are centralized over a particular namespace. ICANN is
centralized over the so called root namespace. Technically anybody can
create any namespace, alt-root, they want.

In the CA world: AFAIK Certificate Authorities are actually less
centralized then DNS. I am not aware of an equivalent to ICANN in the
certificate space. Anybody can create certificates. The question is how you
get it trusted by the entities that need/want it. Getting it trusted by
browser can be difficult and costly ... don't know if that is bad. I think
it can be argued that because it is so easy to become a CA and there is no
oversight that bad actors come about more often. This is a big problem.

—
Reply to this email directly or view it on GitHub
#12.

—
Reply to this email directly or view it on GitHub #12 (comment).