From pde at eff.org  Fri Jun 22 17:33:47 2012
From: pde at eff.org (Peter Eckersley)
Date: Fri, 22 Jun 2012 17:33:47 -0700
Subject: [Sovereign Keys] Giving domain holders control of alternative
	routing methods
Message-ID: <20120623003347.GC12619@xylophonic>

One concern I've heard a number of times about the possibility of widescale SK
deployment is some variant of "Tor is not (yet) infrastructure", "Tor is not
(yet) ready for this amount of traffic", or some implementors/operators don't
want to be exposed to possible Tor bugs.

Previous drafts of the spec sort of dodged this question by suggesting that
hashing the SK to make a .onion address was one suggested way of doing
fallback routing, but that clients could choose others.

I think it may be better to let domain holders explicitly indicate what if any
fallback routing methods they offer for their domains/services, and let client
implementers decide which subset of these to implement.  This commit proposes
a way to do that:

https://git.eff.org/?p=sovereign-keys.git;a=commitdiff;h=fde2b5d353871fe64d45a1374a22d3d976008ca6

This method should also work for VPNs, but I don't actually know enough about
how VPNs and their authentication methods work to suggest a good general
notation for fallback rouing via VPN.  Does anyone want to suggest some?

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993