Hi, decentralized DNS systems have already been proposed in the past. For example: http://www.computer.org/portal/web/csdl/doi/10.1109/PERCOM.2008.91
best regards,
valerio

On Tue, Dec 7, 2010 at 7:34 AM, Tony Arcieri <t...@medioh.com> wrote:
> In the wake of WikiLeaks and being a P2P-type oriented person I can't help
> but think of ways the DNS registry can be decentralized. I would like such a
> system to address decisions by the authorities in charge to delete or
> forcibly change ownership of domains as an act of censorship. It's my view
> that the DNS system should give irrevocable leases to a particular party for
> a domain, and issues of trademarks/etc should require one party to surrender
> the domain in the event a dispute is lost (and by "lost" I mean through
> legal proceedings).
>
> Such a system would make it harder for trademark owners to secure domains
> covered by their trademark, but in turn would prevent anyone from forcibly
> revoking ownership of a domain and thus would prevent acts of government
> censorship. As the Internet transcends any single government, I don't feel
> it's any government's place to effect control over the domain name registry.
> If a government wants someone to give up ownership of a domain, that should
> be a cryptographically secure act performed by the domain owner, perhaps
> under duress but in my opinion it's not something any government should be
> able to do without the intervention of the domain owner.
>
> As I'm sure everyone on the list is familiar with, a secure, decentralized,
> human-meaningful identity system is impossible. So rather than a fully
> decentralized system where there are no leaders, I am proposing a system
> where there is a "chain of command". That is to say, many people can
> maintain their own domain name registries, but a given system user
> attempting to resolve ownership of a domain has an ordered list of central
> authorities ranked by level of trust. So perhaps calling the system
> decentralized is wrong. Instead, it's "multi-centralized", and if people get
> fed up with any of the central authorities they can easily oust them.
>
> The other property I'd like the system to have is a consistent, linear
> history of the registry. I would like anyone participating in the registry
> to serve up different versions of the same registry, rather than each
> maintaining their own registry. I'd like for the registries to be able to
> share and merge changes. In order to facilitate this, I think the registry
> should be managed by a distributed version control system such as git or
> mercurial. Registrations of particular names could be stored in the
> repository as individual files and individually signed by particular
> registrars. Clients (i.e. DNS caches) could then use their registered
> certificates and chain of trust to decide which entries to accept and which
> ones to discard. If conflicts arise... the repository history is there to
> analyze for any discrepancies, and malicious-yet-trusted registrars who try
> to cheat can be detected by discrepancies in their repository history.
>
> I think this could all be implemented not through changes to the DNS
> protocol itself, but as a radical change in which the DNS registry itself is
> maintained. The traditional DNS(SEC) protocol(s) can be preserved, and such
> a system could be layered on top of DNS itself, perhaps opening up the
> toplevel namespace to registrants interested in a semi-decentralized system
> free of control by ICANN. People could register domains like "foobar", but
> "com" and "org" and such could fall back on the traditional DNS system.
>
> Trying to describe something as complex as this is a bit ridiculous. If
> anyone's interested I'd really like to put together a proof-of-concept of
> how a secure, decentralized domain registry could be built on a distributed
> source control system and still provide backwards compatibility with the
> existing domain name system. Talk is cheap, show me the code as it were...
>
> --
> Tony Arcieri
> Medioh! Kudelski
>
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers@lists.zooko.com
> http://lists.zooko.com/mailman/listinfo/p2p-hackers
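
An added sketch of the client-side logic the quoted proposal describes (not code from the thread or from any participant): a resolver walks an ordered list of registrars, accepts the first validly signed entry, and checks that a registrar's served history only extends what was seen before. The registrar names, keys and records are constructed, and HMAC stands in for the registrars' public-key signatures so the sketch needs only the standard library.

```python
import hashlib, hmac, json

# Constructed registrar keys. HMAC is a stdlib stand-in for the registrars'
# public-key signatures; a real client would hold only public keys.
KEYS = {"reg-a": b"constructed-key-a", "reg-b": b"constructed-key-b"}

def sign(registrar, name, owner):
    msg = json.dumps([name, owner]).encode()
    return hmac.new(KEYS[registrar], msg, hashlib.sha256).hexdigest()

def record(registrar, name, owner):
    return {"name": name, "owner": owner, "sig": sign(registrar, name, owner)}

def history_ids(records):
    """git-style chain: each id covers the parent id plus the record."""
    ids, parent = [], ""
    for rec in records:
        body = json.dumps(rec, sort_keys=True)
        parent = hashlib.sha256((parent + "\n" + body).encode()).hexdigest()
        ids.append(parent)
    return ids

def is_linear_extension(seen_ids, served_ids):
    """An honest registrar only appends, so what we saw must be a prefix."""
    return served_ids[:len(seen_ids)] == seen_ids

def resolve(name, trust_order, registries):
    """Return (registrar, owner) from the most trusted registrar holding a
    validly signed entry for name; the newest valid entry there wins."""
    for registrar in trust_order:
        for rec in reversed(registries.get(registrar, [])):
            expected = sign(registrar, rec["name"], rec["owner"])
            if rec["name"] == name and hmac.compare_digest(rec["sig"], expected):
                return registrar, rec["owner"]
    return None

# Constructed sample registries: reg-b carries a conflicting claim for "foobar".
REGISTRIES = {
    "reg-a": [record("reg-a", "foobar", "alice")],
    "reg-b": [record("reg-b", "foobar", "mallory"), record("reg-b", "quux", "bob")],
}

if __name__ == "__main__":
    print(resolve("foobar", ["reg-a", "reg-b"], REGISTRIES))
    seen = history_ids(REGISTRIES["reg-b"])
    rewritten = [record("reg-b", "foobar", "eve")] + REGISTRIES["reg-b"][1:]
    print(is_linear_extension(seen, history_ids(rewritten)))
```

Reordering `trust_order` is the "oust an authority" step: the same registries then resolve `foobar` to a different owner without any registrar changing its data.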