Stepping back a bit, can you describe what problem the current DNS has that you would like to solve? I'd love to hear a scenario that can currently happen that you would like to prevent. Thanks!
-david

On 12/06/2010 10:34 PM, Tony Arcieri wrote:
> In the wake of WikiLeaks and being a P2P-type oriented person I can't help but think of ways the DNS registry can be decentralized. I would like such a system to address decisions by the authorities in charge to delete or forcibly change ownership of domains as an act of censorship. It's my view that the DNS system should give /irrevocable/ leases to a particular party for a domain, and issues of trademarks/etc should require one party to /surrender/ the domain in the event a dispute is lost (and by "lost" I mean through legal proceedings).
>
> Such a system would make it harder for trademark owners to secure domains covered by their trademark, but in turn would prevent anyone from forcibly revoking ownership of a domain and thus would prevent acts of government censorship. As the Internet transcends any single government, I don't feel it's any government's place to effect control over the domain name registry. If a government wants someone to give up ownership of a domain, that should be a cryptographically secure act performed by the domain owner, perhaps under duress but in my opinion it's not something any government should be able to do without the intervention of the domain owner.
>
> As I'm sure everyone on the list is familiar with, a secure, decentralized, human-meaningful identity system is impossible. So rather than a fully decentralized system where there are no leaders, I am proposing a system where there is a "chain of command". That is to say, many people can maintain their own domain name registries, but a given system user attempting to resolve ownership of a domain has an ordered list of central authorities ranked by level of trust. So perhaps calling the system decentralized is wrong. Instead, it's "multi-centralized", and if people get fed up with any of the central authorities they can easily oust them.
>
> The other property I'd like the system to have is a /consistent, linear history/ of the registry. I would like anyone participating in the registry to serve up different versions of the same registry, rather than each maintaining their own registry. I'd like for the registries to be able to share and merge changes. In order to facilitate this, I think the registry should be managed by a distributed version control system such as git or mercurial. Registrations of particular names could be stored in the repository as individual files and individually signed by particular registrars. Clients (i.e. DNS caches) could then use their registered certificates and chain of trust to decide which entries to accept and which ones to discard. If conflicts arise... the repository history is there to analyze for any discrepancies, and malicious-yet-trusted registrars who try to cheat can be detected by discrepancies in their repository history.
>
> I think this could all be implemented not through changes to the DNS protocol itself, but as a radical change in which the DNS registry itself is maintained. The traditional DNS(SEC) protocol(s) can be preserved, and such a system could be layered on top of DNS itself, perhaps opening up the toplevel namespace to registrants interested in a semi-decentralized system free of control by ICANN. People could register domains like "foobar", but "com" and "org" and such could fall back on the traditional DNS system.
>
> Trying to describe something as complex as this is a bit ridiculous. If anyone's interested I'd really like to put together a proof-of-concept of how a secure, decentralized domain registry could be built on a distributed source control system and still provide backwards compatibility with the existing domain name system. Talk is cheap, show me the code as it were...
>
> --
> Tony Arcieri
> Medioh! Kudelski
>
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers@lists.zooko.com
> http://lists.zooko.com/mailman/listinfo/p2p-hackers
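
An added sketch, not code from this thread or from any participant, of the client-side check the quoted proposal describes: per-name entries signed by registrars, an ordered trust list, and detection of a registrar that forks its own history. The entry fields (`name`, `owner`, `prev`, `registrar`, `sig`), the registrar names and the keys are assumptions, and HMAC stands in for a public-key signature so the block runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed registrar keys. HMAC stands in for a public-key signature so the
# example needs only the standard library; a real client would hold public keys.
KEYS = {"reg-a": b"constructed-key-a", "reg-b": b"constructed-key-b"}

def _mac(registrar, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[registrar], msg, hashlib.sha256).hexdigest()

def sign(registrar, name, owner, prev):
    """Build one signed registration entry (one file in the repository)."""
    body = {"name": name, "owner": owner, "prev": prev, "registrar": registrar}
    return dict(body, sig=_mac(registrar, body))

def valid(entry):
    """True if the entry carries a correct signature from the registrar it names."""
    body = {k: v for k, v in entry.items() if k != "sig"}
    if entry.get("registrar") not in KEYS:
        return False
    return hmac.compare_digest(str(entry.get("sig")), _mac(entry["registrar"], body))

def resolve(name, history, trust_order):
    """Return (owner, cheaters). history is in commit order; trust_order lists
    registrars most trusted first. Untrusted or badly signed entries are dropped."""
    accepted, successors, cheaters = [], {}, set()
    for e in history:
        if e.get("name") != name or e.get("registrar") not in trust_order or not valid(e):
            continue
        # Two different owners following the same predecessor, signed by the
        # same registrar, means that registrar forked the linear history.
        slot = (e["registrar"], e.get("prev"))
        if successors.setdefault(slot, e["owner"]) != e["owner"]:
            cheaters.add(e["registrar"])
        accepted.append(e)
    for registrar in trust_order:  # the first honest registrar with an entry wins
        mine = [e for e in accepted if e["registrar"] == registrar]
        if mine and registrar not in cheaters:
            return mine[-1]["owner"], cheaters
    return None, cheaters

if __name__ == "__main__":
    a1 = sign("reg-a", "foobar", "alice", None)    # constructed sample entries
    a2 = sign("reg-a", "foobar", "bob", None)      # conflicts with a1
    b1 = sign("reg-b", "foobar", "carol", None)
    print(resolve("foobar", [a1, b1], ["reg-a", "reg-b"]))
    print(resolve("foobar", [a1, a2, b1], ["reg-a", "reg-b"]))
```

Reordering `trust_order` is the client-side equivalent of ousting an authority: the same history then resolves through whichever registrar the user ranks first.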