> From: Bill Manning, Friday, June 12, 2009 10:32 AM 
> On Fri, Jun 12, 2009 at 03:55:05PM +0100, Sabahattin Gucukoglu wrote:
> > Silly question, I'm sure - any chance of putting the DNS into a
> > gigantic DHT and spreading the entry nodes liberally about the planet?
> >
> > Cheers,
> > Sabahattin
> >
> > PS: No political agenda implied.
> >
> 
>       been proposed quite a few times over the years in one
>       form or another.

It is indeed technically possible to develop a worldwide distributed service -- 
check http://en.wikipedia.org/wiki/PNRP for an example. However, a pure P2P 
implementation immediately bumps against the question of authority. Who gets to 
publish the address for "www.example.com"? If you allow "anybody", the system can 
become really unreliable. If you request a certificate to "certify" the 
publishing, you get all the generic PKI issues, e.g. who to trust, etc., and 
you end up with a system that is not much more P2P than the DNS. 

The only "secure" solution that we could deploy uses large numbers instead of 
names, where the number is essentially a hash of a self-signed certificate. 
That works, for some definition of working: if you know what number to 
retrieve, you will get an authoritative answer. But that means using large 
numbers instead of short friendly names, and thus is not very "user-friendly".

-- Christian Huitema
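
The self-certifying lookup described in the message above, as an added example that is not part of the original e-mail: the name is the hash of the publisher's public key, so a client can check any answer from an open store without trusting the store. A Lamport one-time signature built from `hashlib` stands in for the certificate's signature to keep the code standard-library only; the function names, the dict used as the DHT, and the records are all assumptions made for illustration.

```python
import hashlib, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair (stand-in for the self-signed certificate's key).
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def name_of(pk):
    # The "large number": a hash of the publisher's public key material.
    return hashlib.sha256(b"".join(h for pair in pk for h in pair)).hexdigest()

def publish(dht, name, pk, record, sig):
    # Anybody may write under any name; the store checks nothing.
    dht.setdefault(name, []).append((pk, record, sig))

def resolve(dht, name):
    # The client, not the network, decides what is authoritative.
    for pk, record, sig in dht.get(name, []):
        if name_of(pk) == name and verify(pk, record, sig):
            return record
    return None

def demo():
    dht = {}                                     # constructed stand-in for the DHT
    sk, pk = keygen()
    name, record = name_of(pk), b"A 192.0.2.10"  # constructed record
    good_sig = sign(sk, record)                  # one-time key: signs one record only
    ask, apk = keygen()                          # a second, unrelated publisher
    forged = b"A 203.0.113.66"                   # constructed record
    publish(dht, name, apk, forged, sign(ask, forged))  # wrong key for this number
    publish(dht, name, pk, forged, good_sig)            # right key, altered record
    publish(dht, name, pk, record, good_sig)
    publish(dht, "www.example.com", apk, forged, sign(ask, forged))
    return resolve(dht, name), resolve(dht, "www.example.com")

if __name__ == "__main__":
    print(demo())
```

The friendly name resolves to nothing because no key hashes to `www.example.com`; binding such a name to a key is the authority question the message raises.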


_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
