[foaf-protocols] role of dnssec in webid; mapping URI authority elements at domain boundaries

Henry Story henry.story at bblfish.net
Mon Jan 3 23:33:43 CET 2011

On 3 Jan 2011, at 21:22, Reto Bachmann-Gmür wrote:

> Have trouble seeing the relation to the decentralized end-to-end
> security WebId aims to offer.
> The WebId infrastructure shall never rely on a centralized system,

never is a bit strong of a word, as you imply below...

> such
> systems may initially foster adoption and as such they may be
> integrated but WebId shall never depend on them.

Every system and structure has its advantages and limitations, will have
choke points and control systems, however centralised it be.
DNS has its set of issues, but I imagine decentralised DNSs will also have
their issues too.  It is too easy to compare an existing system whose warts
we understand well to an ideal system that in our imagination has all virtues
we wish. 

> As a consequence
> (because DNS is centralized) the social meaning of a URI/WebId must
> not be defined in function of a dereferencing mechanism,
> <http://bblfish.net/#hjs> will still be Henry Story even if the domain
> is revoked under anti-terrorism legislation due to Henry's support for
> wikileaks.

I think instead of trying to fix these issues with DNS, I'd urge people
to go out and be active politically to make sure we all have a working 
democracy with strong protection for freedom of expression.

The meaning of URLs is pragmatically tied to what is returned by dereferencing
them. But the memory of the web, the way people link to a URL, the ability of 
people to cache information will give ways to track "changes" of meaning. Sometimes
these are good, as if somebody changes a picture he put up by mistake, sometimes
less good as if a site gets pulled down, sometimes reasonable if pages are deleted that
were put up after a break-in.

I'll post some links to work on p2p dns later. There were talks on the subject
at the 27c3. But those are still I think very tentative. Something to follow. 

> Cheers,
> Reto
> On Sun, Jan 2, 2011 at 10:40 PM, peter williams <home_pw at msn.com> wrote:
>> Linking dnssec with P2P trust keying
>> http://www.links.org/dnssec/draft-laurie-dnssec-key-distribution-02.html
>> Laurie proposes a classical core and edge architecture, much like BGP core
>> gets your packet from your ISP island to your peer's ISP island which is
>> running an IGP within its local space. X.509 cross certs are analogous to
>> the BGP core routes.
>> Basically, a path vector routing algorithm with cross-cert attributes
>> maintains transitive relationships between edge nodes on a large collection
>> of walled garden domains, off of which hang walled garden DNS servers with
>> their own DNSsec key management domains for their own non-delegated zones,
>> but which also cache and cooperate with public zones with publicly-signed
>> RRs, that facilitate global record location.
>> A much better idea is to have MPLS VPNs running over the BGP core, so you
>> have proper virtual organizations. Typically, the VO's edge router will be
>> re-distributing internal routes with local naming into its slice of its
>> virtual core, adjusting names automatically at the boundary. The MPLS label
>> tagging architecture scales to huge numbers of re-naming/re-mapping
>> instances. With MP-BGP one could be renaming/remapping the authority
>> component of URIs at the boundary, for all that MP (multi-protocol)
>> cares about syntaxes.
>> _______________________________________________
>> foaf-protocols mailing list
>> foaf-protocols at lists.foaf-project.org
>> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols

Social Web Architect