jrandom | 5 Nov 2004 03:09

Re: DNS much?


First, I want to apologize if you took offense to the suggestions I
was making - they were made with the intent only of improving the
security of your work.  That said, perhaps I can address the specific
questions raised below so that others can understand how a
certificate authority (CA) comes into the situation.

To those playing along at home, the basic question at hand is how do
you guarantee uniqueness for human readable names in a distributed
environment.  Whether you want to guarantee uniqueness is a whole
different matter that's been discussed more times than I can count,
but for the sake of this email, assume that you *do* want human
readable and globally unique addresses.

> In order to have a true DHT DDNS you can NOT have a CA that signs
> everything. How do you update your Base64 for your Domainname?
> Lease time?
> How do you add a sub Domainname? And make sure it's the right
> person adding it?

These are good questions, and the PKI people have done pretty well at
offering solutions.  Here's an example:
 * When registering a name with the CA, they give you a
   public/private keypair and a signed statement saying
   "the public key XYZ is authoritative for *.somename.i2p"
 * Whenever you want to add a new name under *.somename.i2p
   or change the destination associated with one of the names,
   you simply sign a new address entry with the private key that
   the CA gave you.  The entry itself also contains the signed
   statement from the CA, so anyone looking at it can verify it.
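The two-step scheme above (CA signs a delegation for a name pattern, the name holder then signs address entries on their own, and any reader verifies the chain with only the CA's public key) as an added example in Go. This is not code from the post or from the I2P project; the post names no signature scheme or encoding, so Ed25519, the length-prefixed canonical encoding, the single-label wildcard rule, the placeholder destination string and all function and field names here are my assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Delegation is the CA's signed statement "public key Holder is
// authoritative for Pattern", e.g. Pattern = "*.somename.i2p".
type Delegation struct {
	Pattern string
	Holder  ed25519.PublicKey
	CASig   []byte
}

// AddressEntry binds a name to a destination and carries the
// delegation that authorises its signer, so it verifies stand-alone.
type AddressEntry struct {
	Name        string
	Destination string // constructed placeholder, not a real I2P destination
	Delegation  Delegation
	HolderSig   []byte
}

// canon length-prefixes each field so that field boundaries are
// unambiguous ("a"+"bc" and "ab"+"c" cannot produce the same bytes).
func canon(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		out = append(out, []byte(fmt.Sprintf("%d:", len(f)))...)
		out = append(out, f...)
	}
	return out
}

func delegationBytes(d Delegation) []byte {
	return canon([]byte("delegation"), []byte(d.Pattern), d.Holder)
}

// The entry's signed bytes cover the CA statement and its signature,
// so a delegation cannot be swapped out from under a holder signature.
func entryBytes(e AddressEntry) []byte {
	return canon([]byte("entry"), []byte(e.Name), []byte(e.Destination),
		delegationBytes(e.Delegation), e.Delegation.CASig)
}

// IssueDelegation is the one-time registration step done by the CA.
func IssueDelegation(caPriv ed25519.PrivateKey, pattern string, holder ed25519.PublicKey) Delegation {
	d := Delegation{Pattern: pattern, Holder: holder}
	d.CASig = ed25519.Sign(caPriv, delegationBytes(d))
	return d
}

// SignEntry is the holder's step: add or change a name under the
// delegated pattern without involving the CA again.
func SignEntry(holderPriv ed25519.PrivateKey, d Delegation, name, dest string) AddressEntry {
	e := AddressEntry{Name: name, Destination: dest, Delegation: d}
	e.HolderSig = ed25519.Sign(holderPriv, entryBytes(e))
	return e
}

// nameMatches accepts the bare zone name or exactly one label in place
// of the wildcard (DNS-style single-label wildcard; an assumption).
func nameMatches(pattern, name string) bool {
	if !strings.HasPrefix(pattern, "*.") {
		return pattern == name
	}
	suffix := pattern[1:] // ".somename.i2p"
	if name == pattern[2:] {
		return true
	}
	if !strings.HasSuffix(name, suffix) {
		return false
	}
	label := strings.TrimSuffix(name, suffix)
	return label != "" && !strings.Contains(label, ".")
}

// Verify needs only the CA's public key: CA signature on the delegation,
// then pattern covers the name, then holder signature on the entry.
func Verify(caPub ed25519.PublicKey, e AddressEntry) error {
	d := e.Delegation
	if len(d.Holder) != ed25519.PublicKeySize {
		return errors.New("malformed holder key")
	}
	if !ed25519.Verify(caPub, delegationBytes(d), d.CASig) {
		return errors.New("CA signature on delegation invalid")
	}
	if !nameMatches(d.Pattern, e.Name) {
		return fmt.Errorf("name %q not covered by pattern %q", e.Name, d.Pattern)
	}
	if !ed25519.Verify(d.Holder, entryBytes(e), e.HolderSig) {
		return errors.New("holder signature on entry invalid")
	}
	return nil
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, holderPriv, _ := ed25519.GenerateKey(rand.Reader)
	d := IssueDelegation(caPriv, "*.somename.i2p", holderPub)
	fmt.Println("in-scope:", Verify(caPub, SignEntry(holderPriv, d, "www.somename.i2p", "DEST_PLACEHOLDER")))
	fmt.Println("out-of-scope:", Verify(caPub, SignEntry(holderPriv, d, "www.othername.i2p", "DEST_PLACEHOLDER")))
}
```

The order of checks in Verify matters: the pattern test runs before the holder signature is trusted, so a holder with a valid delegation for one zone still cannot publish entries for another, and a change to the destination or a swapped delegation invalidates the entry's signature.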