[Freedombox-discuss] Independent email services
Michael Blizek
michi1 at michaelblizek.twilightparadox.com
Sun Feb 27 18:14:58 UTC 2011
Hi!
On 08:57 Sun 27 Feb , Thomas Lord wrote:
> On Sun, 2011-02-27 at 09:43 +0100, Michael Blizek wrote:
> > [....] I guess relationships between the
> > (sub)domain provider and the user can be much more loose. For example, the
> > FB-foundation, debian, hardware vendors and others could register some
> > domains in order to give users free subdomains. The freedombox could integrate
> > an interface for selecting domains from a list and quick registration. Abuse
> > by (sub)domain providers could be further to reduced by requiring them to sign
> > a contract to get listed.
>
> This is a really interesting problem. You gave me an
> idea for something to put on the FreedomBox Foundation
> wishlist: a kind of "Better Box Businesses Bureau" to
> reputation track public small business FreedomBox service
> providers.
>
> The DNS case, though: Do you mean (A) or (B) here:
>
> (A) The foundation and a few other big orgs buy some domains. They
> give subdomains to freedombox users.
>
> (B) Anyone who buys a domain and signs a contract can be registered
> as a freedombox subdomain provider. The contract is with one or more
> of the big orgs.
>
> I think you mean (B) but I wanted to be sure.
Well actually some of both. I suggest that basically everybody with some
reputation could become a subdomain provider by signing the contract that
this position will not be abused. I guess we need some kind of dyndns so that
other people can connect to the freedombox. And something like this is
probably better than sending everybody to dyndns.com...
> Either way, there is a big bug.
>
> We will have created a centralized database of essentially
> all the freedomboxes. Recently, the US government made a mistake and
> shut down, en masse, tens of thousands of domains allegedly linked to
> child porn -- only to realize a few days later that they only meant to
> shut down a few 10s of sites, and that the rest were innocent. The
> government did this at the DNS level - it seized the domains.
There should be at least some countries where shutdowns are unlikely to
happen. If they do happen, it will only make freedombox and effected services
more well-known. People will move to subdomains which are not shut down.
But the problem continues with filtering at DNS servers of ISPs, so that
customers of this ISP cannot resolve it. I guess the DNS has never been built
with security in mind. Otherwise:
- DNS server addresses would be supplied by operating system vendors, not ISPs
- recursive lookup would not exist
- requests and responses would be encrypted and signed (DNSsec does *not* fix
this)
... for a start.
> With what you described, there is a ready-made master list of which
> domains need to be shut down to disrupt all freedom boxes. In
> most realistic implementations, not only a list of domains but of the
> people running them and the easily traced owners of subdomains.
I guess if your government wants to shut down all freedomboxes or pressure
their owners, it has enough means to do so. If you want to defend against
this, you need tor hidden services or something else which allows you to
operate the freedombox without revealing your identity. I agree that these
services should be in much wider use than they are now. However, changing
this looks like a pretty hard problem to me.
> Problems like that make me want to stick mostly with the
> friend of a friend model and the small-business-but-
> -without-central-registration model.
It sure is an interesting idea, but I guess it means a more time effort for
the people operating stuff. In the worst case it will even be less resilient
against government attacks, if your friends are in the same country you are in
and have little legal defense.
-Michi
--
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com
More information about the Freedombox-discuss
mailing list