[foaf-protocols] role of dnssec in webid; mapping URI authority elements at domain boundaries
Reto Bachmann-Gmür
me at farewellutopia.com
Wed Jan 5 14:16:53 CET 2011
On Mon, Jan 3, 2011 at 11:33 PM, Henry Story <henry.story at bblfish.net> wrote:
>
> On 3 Jan 2011, at 21:22, Reto Bachmann-Gmür wrote:
>
>> Have trouble seeing the relation to the decentralized end-to-end
>> security WebId aims to offer.
>>
>> The WebId infrastructure shall never rely on centralized system,
>
> never is a bit strong of a word, as you imply below...
I think "rely" might be the wrongly chosen word, it should never
depend on such a system.
>
>> such
>> systems may initially foster adoption and as such they may be
>> integrated but WebId shall never depend on them.
>
> Every system and structure has its advantages and limitations, will have
> choke points and control systems, however centralised it be.
> DNS has its set of issues, but I imagine decentralised DNSs will also have
> their issues too. It is too easy to compare an existing system whose warts
> we understand well to an ideal system that in our imagination has all virtues
> we wish.
Yes freedom has its issues too, yet this is what we're struggling for.
In the recent discussions on w3c tag mailing lists WebId has been
mentioned in the context of possible decentralized replacement for
DNS/DNSSec. Of course centralized systems have their advantages, these
advantages are not advantages in terms of freedom but in terms of
simplicity and performance, today however we can build technologies
that give us a greater freedom - WebId is one of them.
>> As a consequence
>> (because DNS is centralized) the social meaning of a URI/WebId must
>> not be defined in function of a dereferenciation mechanism,
>> <http://bblfish.net/#hjs> will still be Henry Story even if the domain
>> is revoked under anti-terrorism legislation due to Henry's support for
>> wikileaks.
>
> I think instead of trying to fix these issues with DNS, I'd urge people
> to go out and be active politically to make sure we all have a working
> democracy with strong protection for freedom of expression.
If you think the world is becoming a better place by political
activities and central authorities protecting freedom of expression
then I really don't see why we need WebId, why not just have the certs
signed by our benevolent democratic governments, or maybe they could
just assign our secret keys to us, their backup copy would be
guaranteed never to be used to compromise our privacy or our
constitutional freedom of expression (guaranteed for example by
Article 35 of the constitution adopted at the Fifth Session of the
Fifth National People's Congress:
http://www.gov.cn/english/2005-08/05/content_20813.htm).
>
> The meaning of URLs is pragmatically tied to what is returned by dereferencing
> them.
Dereferencing a URI is a pragmatic way to make a reasonable *guess* on
the meaning of that URI. But even if the server controlled by the
anti-terrorism agency to which bblfish.net now points says
"<http://bblfish.net/#hjs> owl:sameAs ex:Devil" I wouldn't revoke the
statement ":me rel:friend <http://bblfish.net/#hjs>", and no I'm not a
satanist ;)
> But the memory of the web, the way people link to a URL, the ability of
> people to cache information will give ways to track "changes" of meaning. Sometimes
> these are good, as if somebody changes a picture he put up by mistake, sometimes
> less good as if a site gets pulled down, sometimes reasonable if pages are deleted that
> were put up after a break in.
Maybe the Académie française can assign a new meaning to a word, but
that's not how language usually works. On the semantic web things
would be similar if the social meaning sections present in drafts of
rdf concepts and abstract syntax would have become standard. Luckily
it didn't, I would feel very uncomfortable using a language where
the terms can abruptly change their meaning by means completely out of
my control.
>
> I'll post some links to work on p2p dns later. There were talks on the subject
> at the 27c3. But those are still I think very tentative. Something to follow.
Looking forward to it
Reto
>>
>> On Sun, Jan 2, 2011 at 10:40 PM, peter williams <home_pw at msn.com> wrote:
>>> Linking dnssec with P2P trust keying
>>>
>>> http://www.links.org/dnssec/draft-laurie-dnssec-key-distribution-02.html
>>>
>>> Laurie proposes a classical core and edge architecture, much like BGP core
>>> gets your packet from your ISP island to your peer's ISP island which is
>>> running an IGP within its local space. X.509 cross certs are analogous to
>>> the BGP core routes.
>>>
>>> Basically, a path vector routing algorithm with cross-cert attributes
>>> maintains transitive relationships between edge nodes on a large collection
>>> of walled garden domains, off of which hang walled garden DNS servers with
>>> their own DNSsec key management domains for their own non-delegated zones,
>>> but which also cache and cooperate with public zones with publicly-signed
>>> RRs, that facilitate global record location.
>>>
>>> A much better idea is to have MPLS VPNs running over the BGP core, so you
>>> have proper virtual organizations. Typically, the VO's edge router will be
>>> re-distributing internal routes with local naming into its slice of its
>>> virtual core, adjusting names automatically at the boundary. The MPLS label
>>> tagging architecture scales to huge numbers of re-naming/re-mapping
>>> instances. With MP-BGP one could be renaming/remapping the authority
>>> component of URIs at the boundary, for all it that MP (multi-protocol)
>>> cares about syntaxes.
>>>
>>>
>>>
>>> _______________________________________________
>>> foaf-protocols mailing list
>>> foaf-protocols at lists.foaf-project.org
>>> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>>>
>
> Social Web Architect
> http://bblfish.net/
>
>