News of ISC Developing BIND Patch

Mike Leber mleber at he.net
Thu Sep 18 01:43:42 UTC 2003



On Wed, 17 Sep 2003, David Schwartz wrote:
> 	That doesn't help in this case. You need a way to verify ownership of an
> identifier. I don't want anyone else to be able to claim my identifier.
> 
> 	Perhaps we can devise a scheme where I generate a random number and morph
> it into a 'private key'. Then I pass it through some algorithm to generate
> a 'public key' which is the identifier that I use. I then use the private
> key to prove my ownership of the public key. Nobody else can claim my public
> key because they don't know the corresponding private key.
> 
> 	In fact, you could just use an RSA public key as the identifier directly.
> This is likely not the best algorithm, but it's certainly an existence proof
> that such algorithms can be devised without difficulty.
> 
> 	In fact, I'm going to call my patent attorney instead of sending this
> email. ;)

Heh, you mean like the nym based security that djb mentions at
http://cr.yp.to/djbdns/forgery.html

I've also seen several other proposals for the same thing.  Most of them
revolve around making a hash of the public key and using it as part of
the domain name.

Just so that I don't have to worry about somebody patenting any of these
variations a year or more in the future, here is a public disclosure:

A method for authentication where a public key is converted to a
representation usable by a DNS server and used as a domain name.

Conversion includes, but is not limited to, hashing, checksumming,
compressing, encoding, enciphering, translating to hex, binary, octal, or
other symbol system, or any other representation that may be returned by a
DNS server.

For the purposes of the following example the client is a device that
wishes to look up a record in DNS that allows it to communicate with a
server.  A server is a device that communicates with clients.

The conversion may be lossless or lossy.

If the conversion is lossless then the conversion is reversed by the
client in order to determine the public key.

If the conversion is lossy then the complete public key is communicated to
the client by the server and is compared to the lossy representation used
for DNS by performing the same conversion.  If the comparison fails the
authentication fails.

Mike.

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| mleber at he.net                                       http://www.he.net |
+-----------------------------------------------------------------------+
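The two variants Mike describes, as an added example that is not part of the original post or of djbdns: the lossless form carries the key itself in the name and the client reverses the encoding; the lossy form puts a hash of the key in the name, the server presents the full key, and the client re-applies the same conversion and compares. The zone names (`key.nym.example`, `hash.nym.example`) and the 32-byte "public key" are constructed for the example; proving possession of the matching private key (a signature) is a separate step and is not shown.

```python
"""Public keys as DNS names: lossless and lossy conversions (added example).

Both conversions use base32 (A-Z, 2-7) because every character is legal in
a hostname and DNS labels are case-insensitive. Base64 would fail on '+',
'/' and case folding, and hex of a 32-byte key is 64 characters, one more
than a single 63-octet label allows.
"""
import base64
import hashlib
import hmac

# Hypothetical zones that tell the client which conversion a name uses.
LOSSLESS_ZONE = "key.nym.example"
LOSSY_ZONE = "hash.nym.example"

MAX_LABEL = 63   # RFC 1035 limit on one label
MAX_NAME = 253   # practical limit on a textual hostname

# Constructed stand-in for a 32-byte public key (the size of an Ed25519 key).
SAMPLE_KEY = hashlib.sha256(b"constructed sample public key").digest()


def _b32(data: bytes) -> str:
    """Base32 without padding, lower-cased so it survives DNS case folding."""
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()


def _unb32(text: str) -> bytes:
    """Reverse _b32, restoring the '=' padding that was stripped."""
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def encode_lossless(pubkey: bytes) -> str:
    """Carry the whole key in the name, split into 63-octet labels."""
    b32 = _b32(pubkey)
    labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    name = ".".join(labels + [LOSSLESS_ZONE])
    if len(name) > MAX_NAME:
        # A 256-byte RSA-2048 modulus lands here: 410 base32 characters
        # cannot fit in a 253-octet name, so such keys must be hashed.
        raise ValueError("public key does not fit in a DNS name; hash it instead")
    return name


def fits_in_dns_name(pubkey: bytes) -> bool:
    """True if the key is small enough for the lossless form."""
    try:
        encode_lossless(pubkey)
        return True
    except ValueError:
        return False


def decode_lossless(name: str) -> bytes:
    """Client side of the lossless form: recover the key from the name."""
    suffix = "." + LOSSLESS_ZONE
    if not name.endswith(suffix):
        raise ValueError("not a lossless key name")
    return _unb32(name[:-len(suffix)].replace(".", ""))


def encode_lossy(pubkey: bytes, digest_len: int = 20) -> str:
    """Lossy form: a truncated SHA-256 of the key becomes the single label."""
    fingerprint = hashlib.sha256(pubkey).digest()[:digest_len]
    return _b32(fingerprint) + "." + LOSSY_ZONE


def verify_presented_key(name: str, presented_key: bytes) -> bool:
    """Client side: does the key the server sent match the name we looked up?

    Lossless: reverse the conversion and compare the bytes.
    Lossy: apply the same conversion to the presented key; the result must
    reproduce the name exactly, otherwise authentication fails.
    """
    if name.endswith("." + LOSSLESS_ZONE):
        try:
            expected = decode_lossless(name)
        except ValueError:  # malformed label; binascii.Error is a ValueError
            return False
        return hmac.compare_digest(expected, presented_key)
    if name.endswith("." + LOSSY_ZONE):
        return hmac.compare_digest(encode_lossy(presented_key), name)
    return False


if __name__ == "__main__":
    for n in (encode_lossless(SAMPLE_KEY), encode_lossy(SAMPLE_KEY)):
        print(n, verify_presented_key(n, SAMPLE_KEY), verify_presented_key(n, bytes(32)))
```

The lossy form only binds the name to one key if the hash is second-preimage resistant at the truncated length; 20 bytes (160 bits) is used above, and shorter labels weaken that guarantee. In both forms the DNS answer itself need not be trusted: a forged record that points at a server presenting a different key fails `verify_presented_key`, which is the property the thread is after.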