[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: global names are a security flaw

If using a given name server requires you to register your existence
and location with a government that may not like you or may want your
money or your body at some point, it's a security risk.  But that's
politics; there are at least some semitechnical issues to discuss.

At 01:36 PM 12/06/1997 +0200, Camillo Särs wrote:
>Exactly.  And there is nothing but local domains.  All name domains that
>exist are local to the context where they are used.  If you need to
>interact with somebody, you need to map that "somebody" to your local name
>space.  There is no "common global name" you can apply.  Even if there
>were, you could not recognize it, as it does not exist in your local name

Some equivalences are easy to support.

If someone has a "common global name" tree, and you can validate its
root sufficiently for your purposes, you can include it in your local space.
Thus, "Bob's NameCabal's Alice.Smith" can be valid, and Bob and Carol may
know that "Carol's Bob's NameCabal's Alice.Smith" is the same as
"Carol's NameCabal's Alice.Smith".

Conversely, if the NameCabal trusts Bob to only assign each name once,
"NameCabal's Bob's Alice.Smith" is usable, and may even be the same as
"Carol's Bob's Alice.Smith".

The difficulties occur when the various NameCabals or their friends
- take a Highlander view of namespace ("There can BE only One!"),
- advocate government banning unlicensed name service
- insist that no person can maintain multiple entries in multiple
	namespaces, or in namespaces outside their control
- insist that everyone register into a namespace 
	(get your Number Of The Beast tattooed on your arm today!)

More limited problems occur when NameCabals do unfriendly things
in ways that competition and market rejection may limit their success
- attempt to limit commerce to participants in their namespace
- tie registration and commerce to government papers-in-order status

>As long as you can't force all local name spaces to be subsets of the
>"global name space" you are referring to, the mapping you describe is
>mathematically impossible. I believe that X.500 died because the local name
>spaces could not be made subsets of the global name space. 

DNS names are a global namespace, as are X.500 names, and they've
mostly succeeded, modulo a few problems like ownership of the root.
X.500 is dying because it's unnecessarily complex, unnecessarily ugly,
not designed very well for automation, and is mainly intended for
supporting a mail system designed by bureaucrats rather than implementers
which runs on top of a bloated complex ugly networking protocol
that the market didn't accept either.  The lack of wide acceptance
of X.400 is partly driven by the ugliness of X.400 as well.
And beyond all that, the Web has forced everybody to jump into
DNS space and SMTP mail whether they use it internally or not -
and the internal alternatives tend to be Netbios or Appletalk
namespaces running MSMail or CCmail or similar closed email,
rather than X.400.

Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

Follow-Ups: References: