Distributed root DNS or P2P Everything and the Future

Posted 27 Oct 2000 at 04:31 UTC by andrewmuck

This is an article that I submitted to InfoAnarchy under the title of "P2P Everything and the Future". They have the distributed bent but seem to have a limited number of visitors; since this article is ultimately for the attention of the coders who can deliver the dream, I have re-posted it here.

First some background: I have been on a personal quest for AnonymousEmoney as well as a growing dissatisfaction with the DNS system and Intellectual Property. It seems that the Net has become the playground of lawyers and big business; recent indications that government interests (mainly the US) have been behind policy decisions amongst ICANN (ICANNWatch) just fuel the fire.
So I would see myself as sharing many of the views held by those on this site. Holding views is not enough to make a difference, so this is about where I would like the landscape to be rolled out...

You may think that DNS is kinda boring and that AnonymousEmoney is a bit pointless since there is good old cash or PayPal for the net.addict, but really it comes down to something that is a little more basic and a lot more important. Peer 2 Peer is (to quote Grok):

They may not be able to tell you what it is, exactly, but they agree it's going to be really big.
Here they are actually talking about 'Grove' and it reflects the whole P2P being the next step in the development of the net. But Grove is commercial; not to put it down, but it does not really bring anything new. So what exactly is it that is fuelling the expectation of bigness?

The net started out (and still is) a bunch of computers talking together with compatible protocols. UUCP, for those who can remember, was most definitely person to person (well, C2C, but let's not be siliconists about it). As commercial interests have asserted their influence on the net, the structure seems to have shifted to a B2P model with netizens becoming consumers of the corporations' (or governments') products and thoughts.

So why DNS? If you maintain a presence on the net, you need a way for connections to occur (or there is no 'net'). People have to find you; too bad if you want to critique a trade mark or share a name with a famous person, the UDRP is enforced in a way that totally disadvantages the individual. If you have enough money or political power (really the same thing), you can litigate a site off the net. Perhaps worse is that a domain can be taken over and the evidence of its previous existence is obliterated.
If an internet naming system existed that did not disclose the physical location or ownership of a site's content, then it becomes uncensorable. Ahh, you say, this is just FreeNet?

FreeNet has a long way to come and storing free speech is pretty pointless if the speech is hidden in a dungeon. MojoNation has micro payments flying everywhere for anything and still has not totally escaped from centralized tracking.

What is really needed is some basic infrastructure laid down that once and for all will eliminate the idea of centralized servers, particularly DNS root servers. The control of root servers for DNS essentially controls all policy on sites pointed to by the DNS system. Andy Mueller-Maguhn (of the CCC and now ICANN) reported these comments:

So, after we agreed that we don't suspect each other to eat up small children and could just talk to each other as open and honest as the situation allows, where lots of other parties expect each other to report about the other. After she said, what I guess she had to say, that ICANN does not act in the issue of copyright, and I said, what I had to say, that ICANN does act in the field of intellectual property and the more power it has, the more misuse of this power will be upcoming, we had established some kind of handshake.

What I wanted to know was of course something about the possible room for decisions within ICANN and the possibilities to move in the direction of a more open root zone file and a more decentralized structure of administration and technical realization.

After she taught me again the well known "no we don't govern and also we have nothing to do with copyright issues" she pointed out that the space for decisions within ICANN has never been very big, cause the governments - not only the USG - put great pressure on the control of the DNS and also on ICANN in general.

... But if this institution - driven now by governmental and industrial interests - can be changed to anything based on the diversity of netizens' and citizens' interests enabling a decentralized structure, that respects different entities, free flow of information even if this means the end of controlling non-material goods, is a completely other question. So, for me it is an open question, if this is an ICANN issue.

Here is my reply...

...In my mind, if the system is going to change to a truly decentralized one then some infrastructure needs to be in place to achieve this. That means something that cannot be shut down or controlled by any government anywhere, with all the power for changes in a distributed web of trust, outside of legislation, tm-mark laws or UDRP action.

Does anyone have good reason why a linkage of private, corporate and organizational networks could not be managed in this way?

If corporate wishes to abide by arbitrary rulings (they may well since they have the lawyers) they can stick with the existing method.

But the free exchange of network addressing in a distributed manner (by perhaps a FreeNet descendant) is something I think should be pursued and would result in a truly robust and bottom up run internetwork. ...

Just imagine a future where domain names are managed via a web of trust, where disputes never get to court. An internet that cannot be censored!

I am sure you can see that we are seeing the fits and starts of this NewNet in its birth throes now, as various FreeNet look-alikes spawn looking for success; let's ease this process by exploring the fundamental structures needed rather than building at the application layer level.

Finally I get to the important bit, what's needed. This is also where I am hoping to see some discussion to point out what I missed.

  1. Very simple block/message passing like FreeNet
  2. Tracking of resource use over some fair limit
    • accounting for name registration
    • accounting for really heavy bandwidth use
    • reimbursing administration entities
  3. Web of Trust mechanism
    • consensus method of trust for admin
    • must not be hi-jackable
  4. provide secure anonymous data transport
  5. Must be able to replace DNS without presenting a single root server style vulnerability

If this is done, I think that the net will regain some of the freedom that it enjoyed in its early years. The important thing is for it to be done in a way that can never be perverted again. This brings me to the money. I am not so naive as to think that network resources come free of charge; ultimately they cost at some point. The whole ideal of anonymity falls in a big heap if it becomes illegal to pay for a disputed domain (or its resource charges) in an anonymous data structure. Thus the whole concept of Free Speech is a sham unless it is backed by the right to purchase without disclosing true identity...

Also of interest are some RFC snips that show why DNS root (as it is) must be controlled.

This would not be an issue if there was no physical root server but just a distributed representation of one.

See rfc2826.txt for full text.

1.3. Difficulty of Relocating the Root Zone

There is one specific technical respect in which the root zone differs from all other DNS zones: the addresses of the name servers for the root zone come primarily from out-of-band information. This out-of-band information is often poorly maintained and, unlike all other data in the DNS, the out-of-band information has no automatic timeout mechanism. It is not uncommon for this information to be years out of date at many sites.

2. Conclusion

The DNS type of unique naming and name-mapping system may not be ideal for a number of purposes for which it was never designed, such as locating information when the user doesn't precisely know the correct names. As the Internet continues to expand, we would expect directory systems to evolve which can assist the user in dealing with vague or ambiguous references. To preserve the many important features of the DNS and its multiple record types -- including the Internet's equivalent of telephone number portability -- we would expect the result of directory lookups and identification of the correct names for a particular purpose to be unique DNS names that are then resolved normally, rather than having directory systems "replace" the DNS.

There is no getting away from the unique root of the public DNS.

So folks, let's have it: what is the future and how do we get there?


Existing bookmarks act like intellectual property, posted 27 Oct 2000 at 07:15 UTC by Bram » (Master)

If you have any sort of data which changes over time, and it's 'bookmarked' in some manner, then you will inevitably have fights over who has the right to determine what people see when they go to those bookmarks.

I think the fight over domain names isn't as bad as people make it out to be, because you can always get a garbage domain name like raohysnaodeumkaoeu.com and have no worries about trademark infringement (domain names not being free is another matter.)

Immutable data can be handled much better, and distributing it widely is one of the goals of Freenet and Mojo Nation.

We developers on Mojo Nation are currently working on making it fully distributed - there's significant work left to be done, but I have full confidence we'll succeed. P2P protocols are young yet, and the success of Napster indicates how important they will be in the future.

UDRP, posted 27 Oct 2000 at 10:46 UTC by andrewmuck » (Journeyer)

If you're on the receiving end of a UDRP it would be a problem, see http://www.bodacious-tatas.org

What if deumka in your example was a TM?

A design, posted 27 Oct 2000 at 18:14 UTC by raph » (Master)

I have a design that meets many, if not all, of the goals you propose. It's in a paper submission that was rejected and has not been formally published.

Just to put this in a little more context. My original research goal was to develop a PKI without the single point of vulnerability inherent in hierarchical designs such as VeriSign's X.509-based solution and DNSSEC. Defining the problem as resistance to attack or compromise of many nodes, I did quite a bit of research on trust metrics, including the one implemented here on Advogato.

At the same time, I realized that bolting a PKI on top of the existing DNS naming system would be completely pointless from the point of view of security. After all, with ICANN at the top deciding who owns what names, there is no chance of having a PKI return results consistent with DNS without a single point of vulnerability.

Thus, I came to the conclusion that an attack-resistant name service would have to subsume the functions of DNS, rather than being bolted on top of it. In particular, it would have to automatically implement policies for registering and modifying names in the namespace.

My paper proposes exactly such a system. I personally favor the first-come, first-served policy because it is simple enough for just about anybody to understand. However, my paper goes further than this and proposes a flexible policy language that allows for a spectrum of behavior from first-come, first-served to completely centrally managed, with many interesting points in between. Further, it allows for different policies at different points in the name hierarchy. I'm particularly proud of the features which guarantee the security of subdomains even if the people responsible for root domains are compromised.

The design is not fully fleshed out down to the protocol level. However, I believe it contains a number of good ideas that at least need to be considered by anybody building a decentralized name system. Also, I think there's a pretty good chance that my higher-level ideas could be implemented on top of the Mojo Nation infrastructure, one of the reasons I've been tracking that project.

Unfortunately, I don't really have time right now to implement this stuff. I'd be willing to advise someone who is interested and motivated, though. In any case, you'll probably have fun reading the paper and seeing how it deals with, at the very least, trust issues involved in distributed naming.
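Two properties keep coming up in this thread: the original post's requirements that the web of trust "must not be hi-jackable" and that the system replace DNS without a single root, and raph's first-come, first-served policy with subdomains that stay secure even when the root is compromised. The following Go program is an added illustration written for this page; it is not code from raph's paper, from Mojo Nation or from any other project mentioned here, and the names (example, blog.example), the addresses and the exact policy rules are assumptions made for the demonstration. It models a registry in which a name is bound to an Ed25519 public key (Go's standard crypto/ed25519): a top-level name goes to whoever self-signs a claim for it first, a subdomain must be delegated by the parent's key, and once a name exists only its own key may change it, so a parent or root key that is compromised later cannot re-point a child.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Record binds a name to the key that controls it and the data it points at.
type Record struct {
	Owner  ed25519.PublicKey
	Target string
}

// Update is a signed request to create or change one name; Sig covers name,
// target and new owner key, so it cannot be replayed for another name.
type Update struct {
	Name, Target string
	Owner        ed25519.PublicKey
	Sig          []byte
}

// Registry is an in-memory namespace enforcing the policy assumed here.
type Registry struct{ records map[string]Record }

func signingBytes(name, target string, owner ed25519.PublicKey) []byte {
	return []byte(name + "\x00" + target + "\x00" + string(owner))
}

// SignUpdate builds an Update authorised by signer: the claimant's own key for
// a new top-level name, the parent's key for a new subdomain, or the current
// owner's key for any change to an existing name.
func SignUpdate(name, target string, owner ed25519.PublicKey, signer ed25519.PrivateKey) Update {
	sig := ed25519.Sign(signer, signingBytes(name, target, owner))
	return Update{Name: name, Target: target, Owner: owner, Sig: sig}
}

// Apply checks an Update against the policy and stores it if it passes.
func (r *Registry) Apply(u Update) error {
	msg := signingBytes(u.Name, u.Target, u.Owner)
	if cur, exists := r.records[u.Name]; exists {
		// Existing names answer only to their own key, so a parent or root
		// key that is compromised later cannot seize or re-point them.
		if !ed25519.Verify(cur.Owner, msg, u.Sig) {
			return fmt.Errorf("rejected: not signed by current owner of %s", u.Name)
		}
	} else if _, p, _ := strings.Cut(u.Name, "."); p == "" {
		// New top-level name: first come, first served, self-certified.
		if !ed25519.Verify(u.Owner, msg, u.Sig) {
			return fmt.Errorf("rejected: top-level claim for %s must be self-signed", u.Name)
		}
	} else if pr, ok := r.records[p]; !ok || !ed25519.Verify(pr.Owner, msg, u.Sig) {
		// New subdomain: only the parent's current owner may delegate it.
		return fmt.Errorf("rejected: no valid delegation of %s from %s", u.Name, p)
	}
	r.records[u.Name] = Record{Owner: u.Owner, Target: u.Target}
	return nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// keypair makes a fresh Ed25519 key pair (entropy failure is fatal here).
func keypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	return pub, priv
}

type Outcome struct {
	SquatRejected, RootSeizureRejected, SubUpdateAccepted bool
	Resolved                                                string
}

// Scenario uses constructed keys and addresses: the first registrant wins
// "example" and delegates "blog.example"; neither a squatter nor the (later
// compromised) parent key can override the subdomain's owner.
func Scenario() Outcome {
	rootPub, rootPriv := keypair()
	subPub, subPriv := keypair()
	squatPub, squatPriv := keypair()
	reg, out := &Registry{records: map[string]Record{}}, Outcome{}
	must(reg.Apply(SignUpdate("example", "10.0.0.1", rootPub, rootPriv)))
	// A second claimant for the same name loses under first come, first served.
	out.SquatRejected = reg.Apply(SignUpdate("example", "10.0.0.9", squatPub, squatPriv)) != nil
	must(reg.Apply(SignUpdate("blog.example", "10.0.0.2", subPub, rootPriv)))
	// The parent key cannot take the subdomain back, but its owner can still update it.
	out.RootSeizureRejected = reg.Apply(SignUpdate("blog.example", "10.0.0.9", rootPub, rootPriv)) != nil
	out.SubUpdateAccepted = reg.Apply(SignUpdate("blog.example", "10.0.0.3", subPub, subPriv)) == nil
	out.Resolved = reg.records["blog.example"].Target
	return out
}

func main() { fmt.Printf("%+v\n", Scenario()) }
```

Running it prints the three policy checks and the final target of blog.example. What the model deliberately leaves out is the hard part the thread is asking about: here the map is a single process, whereas the point of the proposal is to replicate these signed records over peers so that no one node is the root; the signature rules above are what each peer would apply to an update before accepting it, whatever transport (FreeNet-style block passing, Mojo Nation) carries the record.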

keynote & raph's paper., posted 30 Oct 2000 at 05:54 UTC by lkcl » (Master)

raph,

i finally understood keynote enough to be able to say that it is basically "digitally signed logical expressions". i think that there is enough in there to use it as the basis of a working implementation of your paper.
