[Discuss] Why the dislike of X.509?
Derek Atkins
warlord at MIT.EDU
Tue Aug 26 13:07:29 EDT 2014
Richard Pieri <richard.pieri at gmail.com> writes:
> On 8/26/2014 10:37 AM, markw at mohawksoft.com wrote:
>> *any* shared or distributed authority has the same issue.
>
> Shared is not distributed. Shared means more than one entity has
> authority. Each entity is a point of compromise for the entire system.
>
> Distributed means no single entity has authority; a quorum or a
> unanimous consensus is required. Compromise of one entity does not
> compromise the entire system.

So where does DNS come in? I think most DNS experts would define it as
a "distributed" system. However there *is* a single entity that has
authority -- the root servers. Compromise of that would compromise the
whole DNS system. However there are watchdogs all over the world whose
role is preventing that.

I would argue that it's not a clear dichotomy between "shared" and
"distributed".

-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available