In the wake of WikiLeaks and being a P2P-type oriented person I can't help but think of ways the DNS registry can be decentralized. I would like such a system to address decisions by the authorities in charge to delete or forcibly change ownership of domains as an act of censorship. It's my view that the DNS system should give *irrevocable* leases to a particular party for a domain, and issues of trademarks/etc should require one party to * surrender* the domain in the event a dispute is lost (and by "lost" I mean through legal proceedings).
Such a system would make it harder for trademark owners to secure domains covered by their trademark, but in turn would prevent anyone from forcibly revoking ownership of a domain and thus would prevent acts of government censorship. As the Internet transcends any single government, I don't feel it's any government's place to effect control over the domain name registry. If a government wants someone to give up ownership of a domain, that should be a cryptographically secure act performed by the domain owner, perhaps under duress but in my opinion it's not something any government should be able to do without the intervention of the domain owner. As I'm sure everyone on the list is familiar with, a secure, decentralized, human-meaningful identity system is impossible. So rather than a fully decentralized system where there are no leaders, I am proposing a system where there is a "chain of command". That is to say, many people can maintain their own domain name registries, but a given system user attempting to resolve ownership of a domain has an ordered list of central authorities ranked by level of trust. So perhaps calling the system decentralized is wrong. Instead, it's "multi-centralized", and if people get fed up with any of the central authorities they can easily oust them. The other property I'd like the system to have is a *consistent, linear history* of the registry. I would like anyone participating in the registry to serve up different versions of the same registry, rather than each maintaining their own registry. I'd like for the registries to be able to share and merge changes. In order to facilitate this, I think the registry should be managed by a distributed version control system such as git or mercurial. Registrations of particular names could be stored in the repository as individual files and individually signed by particular registrars. Clients (i.e. DNS caches) could then use their registered certificates and chain of trust to decide which entries to accept and which ones to discard. If conflicts arise... the repository history is there to analyze for any discrepancies, and malicious-yet-trusted registrars who try to cheat can be detected by discrepancies in their repository history. I think this could all be implemented not through changes to the DNS protocol itself, but as a radical change in which the DNS registry itself is maintained. The traditional DNS(SEC) protocol(s) can be preserved, and such a system could be layered on top of DNS itself, perhaps opening up the toplevel namespace to registrants interested in a semi-decentralized system free of control by ICANN. People could register domains like "foobar", but "com" and "org" and such could fall back on the traditional DNS system. Trying to describe something as complex as this is a bit ridiculous. If anyone's interested I'd really like to put together a proof-of-concept of how a secure, decentralized domain registry could be built on a distributed source control system and still provide backwards compatibility with the existing domain name system. Talk is cheap, show me the code as it were... -- Tony Arcieri Medioh! Kudelski
_______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
