[Sovereign Keys] Giving domain holders control of alternative routing methods
Peter Eckersley
pde at eff.org
Fri Jun 22 17:33:47 PDT 2012
One concern I've heard a number of times about the possibility of widescale SK
deployment is some variant of "Tor is not (yet) infrastructure", "Tor is not
(yet) ready for this amount of traffic", or some implementors/operators don't
want to be exposed to possible Tor bugs.
Previous drafts of the spec sort of dodged this question by suggesting that
hashing the SK to make a .onion address was one suggested way of doing
fallback routing, but that clients could choose others.
I think it may be better to let domain holders explicitly indicate what if any
fallback routing methods they offer for their domains/services, and let client
implementers decide which subset of these to implement. This commit proposes
a way to do that:
https://git.eff.org/?p=sovereign-keys.git;a=commitdiff;h=fde2b5d353871fe64d45a1374a22d3d976008ca6
This method should also work for VPNs, but I don't actually know enough about
how VPNs and their authentication methods work to suggest a good general
notation for fallback rouing via VPN. Does anyone want to suggest some?
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the Sovereign-Keys
mailing list