Hi fiftyfour--

On 08/04/2011 12:56 AM, John Walsh wrote:
> I always imagined that when you bought an FBX you would have the option to
> buy or use your own domain name ([email protected]), guaranteeing you a
> decentralised FBX.

I agree it's a good idea to be able to use the existing DNS for ease of
transition; that doesn't mean that i think the existing DNS is
decentralized :(

> I also imagined that if a government/ISP removed your
> internet coverage, the FBX would fall back to "mesh networking mode" but you
> would still be contactable at [email protected]. I assumed that the FBX
> would work along similar lines to the http://www.servalproject.org i.e. when
> the mobile network is taken out, people are still contactable through their
> mobile number.

Resistance to throttled or removed connectivity to the rest of the 'net
would be a good property of an ideal FBX. I'm not sure that it's useful
to combine that discussion with a discussion of centralized namespaces,
though. I suspect it would be easier to attack the two problems
individually, and tying them together if the two problems are already
solved doesn't seem too difficult to me.

> I watched the Distributed Naming BOF presentation, which seems to have
> turned my assumption on its head. I was really concerned to learn that
> ICANN has taken down websites when "leaned on" by governments and companies.
> Scary.

I don't know whether ICANN itself has done any specific takedowns on
behalf of governments or corporations, but certainly the registries in
charge of various TLDs (one level below the root zone) have done so.

for some copyright-related domain seizures, techdirt's coverage is a
reasonably well-informed place to start:

  http://www.techdirt.com/blog/?tag=domain+seizures

> I also understand the instinct to build FBX's own Distributed Naming
> Scheme, but I am concerned that this is simply too big a task for FBX. I am
> also concerned I would lose contact with my family and friends who stay on
> the existing DNS.

yes, any sort of FBX proposal that entirely drops support for existing
DNS is going to have very poor adoption rates. We shouldn't shoot
ourselves in the foot like that.

However, we should also provide mechanisms for people to participate in
a naming scheme that is more resistant to powerful/centralized attack,
if possible.

> I would rather see a campaign to strengthen the independence of ICANN.

Again, it's not just ICANN; DNS operates as a centralized hierarchy. If
you "own" example.com, then there are at least two entities that you are
subordinate to: the operators of the root zone (".") and the operators
of the com TLD. If you "own" example.co.uk, then there are at least 3:
the root zone operators, the .uk operators, and the .co.uk operators. In
practice, some of these may be the same entities, but there is no
guarantee of that.

If any of these operators can be compromised, they can take control of
the name that you thought you owned. So it's not just a single point of
failure; for any domain in today's DNS, there are potentially multiple
parties capable of acting as an SPOF for a powerful adversary to target.

Note also that DNS (as it is actually used these days) is even more
vulnerable than the description above, due to lack of cryptographic
authentication. With DNSSEC in use, problems with network-based
attackers are limited, but the vulnerabilities to centralized pressure
from powerful adversaries (those outlined above) remain. But DNSSEC is
not used effectively by the vast majority of all hosts on the global
network (you'd need cryptographic authentication in your local machine's
resolver for that).

> On a related note, there have been a lot of discussions on this list about
> "darknet". I have read Wikipedia and I am still confused. If FBX were to
> use darknet, do I lose contact with my friends on the DNS system? My only
> wish is that whatever FBX naming scheme is chosen that I will always be
> contactable without having to change my contact address.

I have yet to hear any concrete proposals for a "darknet" on this list
-- and note that wikipedia [0] provides multiple definitions;
reachable/unreachable, private/public, etc. Perhaps the folks using the
term on this list would like to make it clear at least what they think
the advantages and goals of a "darknet" would be? Without some kind of
explicit statement of intent, it's pretty hard to evaluate the proposals.

fwiw, i agree with you that it would be silly to create a system that
requires you to lose contact with your friends. However, it would also
be silly to make a device that just feeds your personal data and
relationship information back into the same centralized social
gatekeepers many of us are currently subject to.

	--dkg

[0] https://secure.wikimedia.org/wikipedia/en/wiki/Darknet_%28file_sharing%29
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
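
The delegation chain described in the message above (root, then TLD, then any second-level registry), as an added example that is not part of the original e-mail. The zone table and operator names are constructed placeholders; the sketch lists the zones above a name and collapses zones run by the same entity, showing that the count of zones and the count of distinct parties can differ.

```python
# Constructed delegation data: zone cut -> operator. Operator names are
# placeholders for illustration, not real organisations.
ZONE_OPERATORS = {
    ".": "root-zone-operators",
    "com.": "com-registry",
    "uk.": "uk-registry",
    "co.uk.": "uk-registry",          # assumed: one entity runs both levels
    "example.com.": "example-owner",
    "example.co.uk.": "example-owner",
}


def ancestors(name):
    """Yield every ancestor domain of `name`, from the root downwards."""
    labels = name.rstrip(".").lower().split(".")
    yield "."
    for i in range(len(labels) - 1, 0, -1):
        yield ".".join(labels[i:]) + "."


def superordinate_zones(name, zones=ZONE_OPERATORS):
    """Ancestors of `name` that are real zone cuts in the delegation table.

    Labels that are not delegation points (no entry in `zones`) are skipped,
    because nobody separate operates them.
    """
    return [z for z in ancestors(name) if z in zones]


def parties_above(name, zones=ZONE_OPERATORS):
    """Distinct operators able to redirect or remove `name`, root first."""
    seen = []
    for zone in superordinate_zones(name, zones):
        if zones[zone] not in seen:
            seen.append(zones[zone])
    return seen


if __name__ == "__main__":
    for n in ("example.com", "example.co.uk", "mail.example.co.uk"):
        print(n, superordinate_zones(n), parties_above(n))
```
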
