- From: Harry Halpin <hhalpin@ibiblio.org>
- Date: Tue, 21 Dec 2010 16:34:22 +0100
- To: Aaron Swartz <me@aaronsw.com>
- Cc: www-tag@w3.org
On Tue, Dec 21, 2010 at 2:13 PM, Aaron Swartz <me@aaronsw.com> wrote:
> In response to this discussion, I wrote up some thoughts on how a
> censorship-resistant Web might work. I tried to hew as close to
> existing Web standards and principles as possible while ensuring the
> strongest possible censorship-resistance and reasonable levels of
> security.
>
> I'm eager to hear people's thoughts on the design:
>
> http://www.aaronsw.com/weblog/uncensor

I think it's a good approach overall. What is the relationship between that and peer-to-peer based approaches as a backup to DNS and DNSSec?

Is there a way to get rid of the hash step and just replace it all with (possibly decentralized self-signed certs, as in WebID/FOAF+SSL) certs and sigs? Maybe imagine a system where there is a p2p-based management of certs in browsers.

The main problem with p2p DNS systems is trusting the peers, so having the peers being forced to sign all statements is the way out. The fact that the DNS entries also have to be signed, and the web-pages - possibly via using the same certs in TLS+(some minor deltas to) HTTP Auth - have to be signed, helps. Aaron had a very good observation there.

So, the key is when the owner of a website feels it's being censored, the owner can make a broadcast (and signed) statement that this is the case, possibly via some p2p system or revoking the key they used to make the contract with the registrar/ISP/etc. Assuming they get the broadcast message, then the browsers automagically know they can stop using normal DNS for the site, but rely on some p2p-based DNS backup, where the sigs then match.

Received on Tuesday, 21 December 2010 15:34:55 UTC