A few years ago I wrote a C library called KadC to access the (now utterly 
dead) Overnet DHT. One of the toy applications running on top of it was 
"namecache", a DNS proxy that stored and retrieved domain information in the 
DHT: http://kadc.sourceforge.net/apps.html , 
http://kadc.sourceforge.net/namecache.html . 

Its biggest problem was the inability under Overnet to lock records, which 
allowed an attacker to pollute the DHT through the insertion of competing 
records with the same key. This attack could be made more difficult to mount 
with a DHT requiring a cryptographic key to remove or replace existing records.

Enzo
  ----- Original Message ----- 
  From: Tony Arcieri 
  To: theory and practice of decentralized computer networks 
  Sent: Thursday, December 09, 2010 3:02 AM
  Subject: Re: [p2p-hackers] Secure,decentralized DNS (a.k.a. solving Zooko's 
triangle)


  On Wed, Dec 8, 2010 at 9:38 AM, David Barrett <dbarr...@quinthar.com> wrote:

    Stepping back a bit, can you describe what problem the current DNS has
    that you would like to solve?  I'd love to hear a scenario that can
    currently happen that you would like to prevent.  Thanks!


  The two biggest problems I'd like to solve are:


  1) Eliminating lock-in with any particular central authority. If you don't 
like a particular authority you can stop trusting them and the system will 
still work (with "eventually consistent" results)


  2) Eliminating the ability of an authority to revoke a domain name before 
their lease is up. In order for that to happen the owner should have to 
cryptographically release it (perhaps under the duress of a pending lawsuit or 
court order)


  A problem this sort of system also unintentionally solves: A DDoS of the root 
servers would become impossible, because such a system wouldn't have any root 
servers. Everyone running a DNS server would have their own copy of the DNS 
registry, spread through a distributed version control system.


  -- 
  Tony Arcieri
  Medioh! A Kudelski Brand



------------------------------------------------------------------------------


  _______________________________________________
  p2p-hackers mailing list
  p2p-hackers@lists.zooko.com
  http://lists.zooko.com/mailman/listinfo/p2p-hackers
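
The record locking suggested in the reply at the top of this message, as an added example that is not KadC or namecache code and not from anyone in the thread: a store that pins an owner key on first insert and rejects a competing record for the same key unless it is signed by that key. Lamport one-time signatures built from the standard library stand in for a conventional signature scheme; `LockedStore`, the record name and the addresses are constructed for illustration.

```python
import hashlib, hmac, os

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b])
        for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def update_msg(key, value, next_pk):
    # Fixed-length fields bind the signature to key, new value and next owner key.
    return H(key) + H(value) + H(b"".join(a + b for a, b in next_pk))

class LockedStore:
    """Constructed single-node stand-in for a DHT node that locks records.
    An existing record is replaced only with a signature under its pinned key."""
    def __init__(self):
        self.records = {}  # key -> (value, owner public key)
    def put(self, key, value, next_pk, sig=None):
        current = self.records.get(key)
        if current is not None:
            if sig is None or not verify(current[1], update_msg(key, value, next_pk), sig):
                return False
        self.records[key] = (value, next_pk)  # the one-time key is rotated on each use
        return True

def demo():
    store, name = LockedStore(), b"example.test"
    sk1, pk1 = keygen()
    created = store.put(name, b"192.0.2.10", pk1)
    atk_sk, atk_pk = keygen()  # competing record signed with a key that is not the owner's
    forged = sign(atk_sk, update_msg(name, b"203.0.113.66", atk_pk))
    polluted = store.put(name, b"203.0.113.66", atk_pk, forged)
    sk2, pk2 = keygen()  # owner replaces the record and rotates to a fresh key
    owner_sig = sign(sk1, update_msg(name, b"192.0.2.20", pk2))
    replaced = store.put(name, b"192.0.2.20", pk2, owner_sig)
    return created, polluted, replaced, store.records[name][0]
```

The lock only protects a record once it exists: whoever inserts a key first becomes its owner, so this raises the cost of pollution without settling who is entitled to a name.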