Blame


1 0ba0b622 2023-08-20 jrmu version=pmwiki-2.3.20 ordered=1 urlencoded=1
2 0ba0b622 2023-08-20 jrmu agent=w3m/0.5.3+git20230121
3 0ba0b622 2023-08-20 jrmu author=jrmu
4 0ba0b622 2023-08-20 jrmu charset=UTF-8
5 0ba0b622 2023-08-20 jrmu csum=
6 0ba0b622 2023-08-20 jrmu ctime=1692409889
7 0ba0b622 2023-08-20 jrmu host=38.87.162.8
8 0ba0b622 2023-08-20 jrmu name=9.PKI
9 a3cd879e 2023-08-24 jrmu rev=7
10 a3cd879e 2023-08-24 jrmu targets=9.FNS
11 a3cd879e 2023-08-24 jrmu text=(:title Request For Complaints #2:)%0aInter9 Engineering Task Force%0a%0aPath Key Infrastructure (PKI)%0a%0aThe path key infrastructure (PKI) relies on [[9/FNS|FNS]]. It is necessary to%0abe familiar with FNS before reading this document.%0a%0aPKI is designed to replace the centralized public key infrastructure, which%0auses certificate authorities which are difficult to replace and which%0aend-users have no control over.%0a%0aWhen a client connects to the Inter9, it must choose a local server to trust.%0aIt imports a single certificate authority from the local server.%0a%0aFor example, suppose the user jrmu joins the server freeirc. He imports%0aFreeIRC as a certificate authority. The hierarchy of the server is /freeirc%0a%0aFreeIRC then signs the certificate for the root authority /. The / root%0aauthority then signs certificates for each of the entries in its directories,%0asuch as /ircnow and /cloud9p.%0a%0aA user from /freeirc can therefore verify the certificate from /cloud9p as a%0aresult of this chain of signatures:%0a%0alocal FreeIRC CA -> root CA -> cloud9p -> subdomain certificates%0a%0aIf the root CA becomes abusive, the local servers can revoke the signature on%0athe root certificate and sign a new root CA, forking the path key%0ainfrastructure. Because clients trust the local server directly, this fork%0awould be seamless. This gives more power for local certificate authorities to%0adeter the root CA from an abuse of power.%0a%0aMore importantly, users are not required to blindly import a list of 200+%0aCertificate Authorities they don't actually know or trust. Instead, only one%0asingle CA is imported, from the local server.%0a
12 a3cd879e 2023-08-24 jrmu time=1692820066
13 0ba0b622 2023-08-20 jrmu title=Request For Complaints #2
14 a3cd879e 2023-08-24 jrmu author:1692820066=jrmu
15 a3cd879e 2023-08-24 jrmu diff:1692820066:1692819995:=26c26%0a%3c local FreeIRC CA -> root CA -> cloud9p -> subdomain certificates%0a---%0a> local FreeIRC CA -> root CA -> cloud9p%0a
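Review bot: the chain line on the `<` side now ends in "-> subdomain certificates", but the sentence that introduces it still speaks only of verifying the certificate from /cloud9p, and nothing in the text says which key signs a subdomain certificate. If the intent is that /cloud9p signs certificates for its own entries, in the same way the / root authority "signs certificates for each of the entries in its directories", say so in the sentence before the chain.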
16 a3cd879e 2023-08-24 jrmu host:1692820066=38.87.162.8
17 a3cd879e 2023-08-24 jrmu author:1692819995=jrmu
18 a3cd879e 2023-08-24 jrmu diff:1692819995:1692819387:=6,36c6,24%0a%3c The path key infrastructure (PKI) relies on [[9/FNS|FNS]]. It is necessary to%0a%3c be familiar with FNS before reading this document.%0a%3c %0a%3c PKI is designed to replace the centralized public key infrastructure, which%0a%3c uses certificate authorities which are difficult to replace and which%0a%3c end-users have no control over.%0a%3c %0a%3c When a client connects to the Inter9, it must choose a local server to trust.%0a%3c It imports a single certificate authority from the local server.%0a%3c %0a%3c For example, suppose the user jrmu joins the server freeirc. He imports%0a%3c FreeIRC as a certificate authority. The hierarchy of the server is /freeirc%0a%3c %0a%3c FreeIRC then signs the certificate for the root authority /. The / root%0a%3c authority then signs certificates for each of the entries in its directories,%0a%3c such as /ircnow and /cloud9p.%0a%3c %0a%3c A user from /freeirc can therefore verify the certificate from /cloud9p as a%0a%3c result of this chain of signatures:%0a%3c %0a%3c local FreeIRC CA -> root CA -> cloud9p%0a%3c %0a%3c If the root CA becomes abusive, the local servers can revoke the signature on%0a%3c the root certificate and sign a new root CA, forking the path key%0a%3c infrastructure. Because clients trust the local server directly, this fork%0a%3c would be seamless. This gives more power for local certificate authorities to%0a%3c deter the root CA from an abuse of power.%0a%3c %0a%3c More importantly, users are not required to blindly import a list of 200+%0a%3c Certificate Authorities they don't actually know or trust. Instead, only one%0a%3c single CA is imported, from the local server.%0a---%0a> The path key infrastructure (PKI) relies on [[9/FNS|FNS]]. 
It is necessary to be familiar with FNS before reading this document.%0a> %0a> PKI is designed to replace the centralized public key infrastructure, which uses certificate authorities which are difficult to replace and which end-users have no control over.%0a> %0a> When a client connects to the Inter9, it must choose a local server to trust. It imports a single certificate authority from the local server.%0a> %0a> For example, user jrmu joins the server freeirc. He imports FreeIRC as a certificate authority.%0a> %0a> The hierarchy of the server is /freeirc%0a> %0a> FreeIRC then signs the certificate from the root authority from /. The / root authority then signs certificates for each of the entries in its directories, such as /ircnow and /cloud9p.%0a> %0a> A user from /freeirc can therefore verify the certificate from /cloud9p as a result of this chain of signatures:%0a> %0a> client -> local FreeIRC CA -> root CA -> other CAs -> cloud9p%0a> %0a> If the root CA becomes abusive, the local servers can revoke the signature on the root certificate and sign a new root CA, forking the path key infrastructure. Because clients trust the local server directly, this fork would be seamless. This gives more power for local certificate authorities to deter the root CA from an abuse of power.%0a> %0a> More importantly, users are not required to blindly import a list of 200+ Certificate Authorities they don't actually know or trust. Instead, only one single CA is imported, from the local server.%0a
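Review bot: this revision (6,36c6,24) re-wraps every paragraph and changes content in the same edit, so the substantive changes are hard to pick out. The chain line loses "client ->" and "other CAs ->", and "signs the certificate from the root authority from /" becomes "signs the certificate for the root authority /". Suggest doing the re-wrap as its own revision and the content changes as another, and stating in the text whether the root now signs every entry directly, since the "other CAs" hop is gone.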
19 a3cd879e 2023-08-24 jrmu host:1692819995=38.87.162.8
20 a3cd879e 2023-08-24 jrmu author:1692819387=jrmu
21 a3cd879e 2023-08-24 jrmu diff:1692819387:1692819293:=5,6d4%0a%3c %0a%3c The path key infrastructure (PKI) relies on [[9/FNS|FNS]]. It is necessary to be familiar with FNS before reading this document.%0a
22 a3cd879e 2023-08-24 jrmu host:1692819387=38.87.162.8
23 a3cd879e 2023-08-24 jrmu author:1692819293=jrmu
24 a3cd879e 2023-08-24 jrmu diff:1692819293:1692411417:=12,16c12,16%0a%3c The hierarchy of the server is /freeirc%0a%3c %0a%3c FreeIRC then signs the certificate from the root authority from /. The / root authority then signs certificates for each of the entries in its directories, such as /ircnow and /cloud9p.%0a%3c %0a%3c A user from /freeirc can therefore verify the certificate from /cloud9p as a result of this chain of signatures:%0a---%0a> The hierarchy of the server is /net/freeirc%0a> %0a> FreeIRC then signs the certificate from the root authority from /net/. The /net/ root authority then signs certificates for each of the entries in its directories, such as /net/ircnow and /net/cloud9p.%0a> %0a> A user from /net/freeirc can therefore verify the certificate from /net/cloud9p as a result of this chain of signatures:%0a
25 a3cd879e 2023-08-24 jrmu host:1692819293=38.87.162.8
26 0ba0b622 2023-08-20 jrmu author:1692411417=jrmu
27 0ba0b622 2023-08-20 jrmu diff:1692411417:1692411326:=21,22d20%0a%3c %0a%3c More importantly, users are not required to blindly import a list of 200+ Certificate Authorities they don't actually know or trust. Instead, only one single CA is imported, from the local server.%0a
28 0ba0b622 2023-08-20 jrmu host:1692411417=38.87.162.8
29 0ba0b622 2023-08-20 jrmu author:1692411326=jrmu
30 0ba0b622 2023-08-20 jrmu diff:1692411326:1692409889:=8,20c8,14%0a%3c When a client connects to the Inter9, it must choose a local server to trust. It imports a single certificate authority from the local server.%0a%3c %0a%3c For example, user jrmu joins the server freeirc. He imports FreeIRC as a certificate authority.%0a%3c %0a%3c The hierarchy of the server is /net/freeirc%0a%3c %0a%3c FreeIRC then signs the certificate from the root authority from /net/. The /net/ root authority then signs certificates for each of the entries in its directories, such as /net/ircnow and /net/cloud9p.%0a%3c %0a%3c A user from /net/freeirc can therefore verify the certificate from /net/cloud9p as a result of this chain of signatures:%0a%3c %0a%3c client -> local FreeIRC CA -> root CA -> other CAs -> cloud9p%0a%3c %0a%3c If the root CA becomes abusive, the local servers can revoke the signature on the root certificate and sign a new root CA, forking the path key infrastructure. Because clients trust the local server directly, this fork would be seamless. This gives more power for local certificate authorities to deter the root CA from an abuse of power.%0a---%0a> A client will trust its local server and imports it as a single certificate authority.%0a> %0a> This authority then signs a root authority, which signs other certificate authorities.%0a> %0a> So the path goes from%0a> %0a> client -> single CA -> root CA -> other CAs -> target server%0a
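Review bot: the paragraph on the `<` side beginning "If the root CA becomes abusive" says local servers can revoke the signature on the root certificate and that the fork "would be seamless", but it does not say how a client that has already verified the old root learns of the revocation, or whether entries such as /net/ircnow and /net/cloud9p must be re-signed by the new root before the chain verifies again. Suggest adding a sentence on each, or dropping "seamless" until both are specified.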
31 0ba0b622 2023-08-20 jrmu host:1692411326=38.87.162.8
32 0ba0b622 2023-08-20 jrmu author:1692409889=jrmu
33 0ba0b622 2023-08-20 jrmu diff:1692409889:1692409889:=1,14d0%0a%3c (:title Request For Complaints #2:)%0a%3c Inter9 Engineering Task Force%0a%3c %0a%3c Path Key Infrastructure (PKI)%0a%3c %0a%3c PKI is designed to replace the centralized public key infrastructure, which uses certificate authorities which are difficult to replace and which end-users have no control over.%0a%3c %0a%3c A client will trust its local server and imports it as a single certificate authority.%0a%3c %0a%3c This authority then signs a root authority, which signs other certificate authorities.%0a%3c %0a%3c So the path goes from%0a%3c %0a%3c client -> single CA -> root CA -> other CAs -> target server%0a
34 0ba0b622 2023-08-20 jrmu host:1692409889=38.87.162.8