Saturday, 27 November 2010

Time for a new DNS system?

What with proposals by SOCA to be able to shut down UK domains without any conviction, we now see this already applies to ICANN-based domains. See article.

So, how long before we need a new type of DNS that is somehow designed to avoid any possibility of central control or censorship?

I am sure it must be possible, but it is hard to come up with a way of creating records that are unique without a central body or some sort of delegation. Mind you, we managed it for newsgroups!

I am sure it is possible somehow.

Clearly governments cannot be trusted.

8 comments:

  1. DNS System? A new Domain Name System System? So good they named it "system" twice?

  2. .onion hidden services, tor2web.com for non-onioned browsers and bit.ly over the lot to make it tweetable/IMable? Twitter and URL shorteners make memorable DNS names less important these days.

  3. Thinking about this there are lots of ways to make this work. I think you could even make it work for unique names and first come, first served for records. A distributed hash table together with self signed digital signatures on the records so you could replace them with newer ones later could work. The system could timestamp each record and refuse to insert newer ones that didn't have the same digital signature as the old one, allowing you to replace records, but keeping them unique. To avoid abuse you'd need to duplicate each record many times over the peer-to-peer network and make it take the majority answer as people could hack their own node, but you'd have to assume that the majority wouldn't be hacked in the same way.

    Ironically the main problem though is that it would be free because there would be no central authority to charge anyone. That would mean that as soon as it became successful you'd have a new form of spamming where evil people tried to race to register every possible address for themselves as soon as possible. Even the current system suffers badly from this but without the cost and effort of registering a name it would be completely unmanageable and that's the problem I can't think how to solve :(

  4. I did wonder. I was thinking that a system of registries that all had access to top level space (somewhat like we have now), but with a collision detection system between them and a distributed database rather than a top level authority to register against (like ICANN).

    Once a record is made via one registry and it is signed by all of the other registries and has an expiry, and has a key from the registrant that allows it to be removed or changed.

    The system would operate with digital signed delegation from the start as part of the system.

    A registry could not remove or change an entry once created - only the key that is part of the entry is valid to change or remove the entry. Obviously a registry could remove from its own copy of the database, but all other registries would have it, and all non-registry database caches that would in effect be root servers would too as they would only trust the key for that domain.

    The registries would be in different countries, and would charge a standard fee. That stops the spammers and domain squatters taking over. It makes the registries a business. It would not really matter if they are government or private companies. New registrars would only join the club by agreement with the rest and agreeing to follow the rules.

    If any registries got adversely controlled by a government they could be and would be shut out by the others, not allowing them to register any other domains. That would be an incentive not to break the rules regardless of government pressure.

    You have to have a commercial element to (a) pay for making a system and running it properly and (b) avoid domain squatting and spamming.

  5. Or maybe it's time to create a whole new internet with its own IP addresses and DNS system and rules. It could start by using the existing internet for the point to point links instead of physical cables, at least in the early days.

    Frankly it wouldn't surprise me if this has already happened and it's where all the cool people hang out in secret on their own parallel internet :P

    I imagine the concept of a second identical internet running in parallel with the "ordinary" internet and using it for transport sometimes would fall below the radar of the authorities for quite some time...

  6. We have a problem only because we think in terms of things like '.com' as root domains.

    How about.. Anyone can run a root nameserver, subject to minimal checks (that they have reasonable bandwidth and know what they're talking about), and they get allocated a random root name (or name their own I guess, but I'm hoping to avoid the goldrush a bit).

    If you register with RevK domains, all his domains might end in .a19, for example, but there's no clash with TonyHoyle domains on .b33.

    Everything else is a solved problem - 90% of people find pages via google anyway (or use twitter, etc.), not by remembering the site name, and if they do want to do that then DNS is still there it just has more roots.

  7. Nothing to do with your stuff above, but on Eggheads tonight a question was asked where one of the possible answers was SHIBBOLETH. Thought of you lol xxxx

  8. Relevant article on Slashdot:

    http://tech.slashdot.org/story/10/12/01/1320253/The-Pirate-Bay-Co-Founder-Starting-P2P-DNS
