[spec] A possible client-side, community-based solution to the drawbacks of TOFU authentication

Stephane Bortzmeyer stephane at sources.org
Sun Apr 11 10:17:44 BST 2021

On Sun, Apr 11, 2021 at 04:12:30AM -0400,
 Benjamin Cronin <bcronin720 at gmail.com> wrote 
 a message of 89 lines which said:

> a server's long-term certificate to be registered in a public place
> for new visitors of a site to check against.

The main issue with your proposal is "who will check that this
registration is done by the rightful [for some definition of rightful]
holder, and how will they do this check?"

Instead of saying:

> I have put a lot of thought and effort

I suggest that it would be better to give the answer to the above
issue. I do not find in your email even one line of technical
explanation about your invention.

> This means no blockchain based technology or other popular
> distributed system of trust, due to the computing requirements that
> their proof of stake require.

You mean proof of work? Because proof of stake does not have such
computing requirments.

Anyway, even blockchains, as demonstrated in the last ten years with
Namecoin, still have the problem of initial enrollment. How do you
address it? [Namecoin is strictly first-come-first-served, with zero
recourse in case something goes wrong.]

> At the current moment, I have not found any specific research along
> these lines,

Without specific requirments, it is hard to say if there is something
similar. For instance, do you plan to do something similar to
Certificate Transparency, or will you envision something different?
Other relevant stuff may include CoDoNS
<http://www.cs.cornell.edu/people/egs/beehive/codons.php> ConfiDNS
ENS <https://ens.domains/> or the many others "distributed trust"
systems now buried under 404 error codes.

Sorry if I'm harsh but, as you know "I have designed a secure,
efficient, cheap system of distributed trust and naming over the
Internet" is in computer networks what the "I have deciphered the
Phaistos disk" is in linguistics. We are cautious.

More information about the Gemini mailing list