Ben Laurie blathering


Apparently the Pirate Bay are tired of ICANN and want to start their own peer-to-peer DNS. I think their chances of wide adoption are pretty near zero, but it’s an interesting area that’s needed serious exploration for quite some time. Obviously if you’re doing P2P DNS you need to use DNSSEC or attacks become trivial. Since they also want to have multiple registrars who can nominate themselves, it seems a proposal I made to the DNS working group many years ago could be handy. Basically, the idea is to distribute keys for “islands of security” by having bilateral agreements between them, so each island signs some set of other island’s keys, if they want to. The user then bootstraps their set of keys by starting from an island or islands they trust.

When ferreting this out I found that the -01 version is already on my server, and I just uploaded -02 – not sure what the differences are, when I have some time I’ll make a diff. Probably.


  1. Can the signatures be revoked, or do they expire and require re-signing?

    Comment by robin — 3 Dec 2010 @ 9:12

  2. Robin: yes. 🙂

    Comment by Ben — 4 Dec 2010 @ 14:31

  3. Please do! 🙂

    Comment by Adriana — 8 Dec 2010 @ 6:02

  4. given all of the cctlds (not under control of icann and arguably some are not under control at all) i wonder why they are bothering.

    Comment by mark — 31 Jan 2012 @ 18:28

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress