[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The trademark issue

Date: Mon, 9 Dec 96 09:43 EST
From: johnl@iecc.com (John R Levine)
Subject: Re: The trademark issue

>The only methods to do these things involve strong cryptography, ...

Not really.  The problem of authenticating members of a shared
registry group is easier than the general authentication problem,
because the members of the group know who each other are and the group
changes slowly over time.  That means it's practical to assign each
registry a secret password and distribute it off-line, e.g. by sending
a diskette by registered mail.

Assume there's a central database (something which all proposals to
date have assumed -- even the "no central database" proposal actually
uses the DNS server of one of registries as the central database).

I'd think you could adequately validate a request by logically
prefixing the secret password to the text of the request, creating an
MD5 (or similar) check value, and appending that check value to the
request when it's sent.

Since the passwords are all held in the clear at the registry where
the cops could look at them, and they're not used to encrypt data in
transit, that should satisfy most national snoop laws.


-- 
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com "Space aliens are stealing American jobs." - MIT econ prof

Follow-Ups:
- Re: The trademark issue
  - From: Kent Crispin <kent@songbird.com>

References:
- Re: The trademark issue
  - From: Kent Crispin <kent@songbird.com>

Prev by Date: Re: New TLDs and Registry charters
Next by Date: Re: The trademark issue
Prev by thread: Re: The trademark issue
Next by thread: Re: The trademark issue
Index(es):
- Date
- Thread