[Freedombox-discuss] Distributed Naming BOF Questions

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Aug 4 21:14:06 UTC 2011


Hi fiftyfour--

On 08/04/2011 12:56 AM, John Walsh wrote:
> I always imagined that when you bought an FBX you would have the option to
> buy or use your own domain name (username at mydomain.tld), guaranteeing you a
> decentralised FBX.

I agree it's a good idea to be able to use the existing DNS for ease of
transition; that doesn't mean that i think the existing DNS is
decentralized :(

> I also imagined that if a government/ISP removed your
> internet coverage, the FBX would fall back to "mesh networking mode" but you
> would still be contactable at username at mydomain.tld. I assumed that the FBX
> would work along similar lines to the http://www.servalproject.org i.e. when
> the mobile network is taken out, people are still contactable through their
> mobile number.

Resistance to throttled or removed connectivity to the rest of the 'net
would be a good property of an ideal FBX.  I'm not sure that it's useful
to combine that discussion with a discussion of centralized namespaces,
though.  I suspect it would be easier to attack the two problems
individually, and tying them together if the two problems are already
solved doesn't seem too difficult to me.

> I watched the Distributed Naming BOF presentation, which seems to have
> turned my assumption on its head. I was really concerned to learn that
> ICANN has taken down websites when "leaned on" by governments and companies.
> Scary. 

I don't know whether ICANN itself has done any specific takedowns on
behalf of governments or corporations, but certainly the registries in
charge of various TLDs (one level below the root zone) have done so.

for some copyright-related domain seizures, techdirt's coverage is a
reasonably well-informed place to start:

  http://www.techdirt.com/blog/?tag=domain+seizures

> I also understand the instinct to build FBX's own Distributed Naming
> Scheme, but I am concerned that this is simply too big a task for FBX. I am
> also concerned I would lose contact with my family and friends who stay on
> the existing DNS. 

yes, any sort of FBX proposal that entirely drops support for existing
DNS is going to have very poor adoption rates.  We shouldn't shoot
ourselves in the foot like that.  However, we should also provide
mechanisms for people to participate in a naming scheme that is more
resistant to powerful/centralized attack, if possible.

> I would rather see a campaign to strengthen the independence of ICANN.

Again, it's not just ICANN; DNS operates as a centralized hierarchy.  If
you "own" example.com, then there are at least two entities that you are
subordinate to: the operators of the root zone (".") and the operators
of the com TLD.

If you "own" example.co.uk, then there are at least 3: the root zone
operators, the .uk operators, and the .co.uk operators.  In practice,
some of these may be the same entities, but there is no guarantee of that.

If any of these operators can be compromised, they can take control of
the name that you thought you owned.  So it's not just a single point of
failure; for any domain in today's DNS, there are potentially multiple
parties capable of acting as an SPOF for a powerful adversary to target.


Note also that DNS (as it is actually used these days) is even more
vulnerable than the description above, due to lack of cryptographic
authentication.  With DNSSEC in use, problems with network-based
attackers are limited, but the vulnerabilities to centralized pressure
from powerful adversaries (those outlined above) remain.  But DNSSEC
is not used effectively by the vast majority of all hosts on the global
network (you'd need cryptographic authentication in your local machine's
resolver for that)

> On a related note, there have been a lot of discussions on this list about
> "darknet". I have read Wikipedia and I am still confused. If, FBX were to
> use darknet, do I lose contact with my friends on the DNS system. My only
> wish is that whatever FBX naming scheme is chosen that I will always be
> contactable without having to change my contact address

I have yet to hear any concrete proposals for a "darknet" on this list
-- and note that wikipedia [0] provides multiple definitions;
reachable/unreachable, private/public, etc.  Perhaps the folks using the
term on this list would like to make it clear at least what they think
the advantages and goals of a "darknet" would be?  Without some kind of
explicit statement of intent, it's pretty hard to evaluate the proposals.

fwiw, i agree with you that it would be silly to create a system that
requires you to lose contact with your friends.  However, it would also
be silly to make a device that just feeds your personal data and
relationship information back into the same centralized social
gatekeepers many of us are currently subject to.

	--dkg

[0]
https://secure.wikimedia.org/wikipedia/en/wiki/Darknet_%28file_sharing%29
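
The delegation hierarchy described in the message above, worked through as an added example that is not part of the original post: given a name, it lists every zone above it and the distinct operators who could each redirect or remove that name. The zone table and operator names are constructed placeholders, not real-world data.

```python
# Constructed delegation table: zone -> operator. Operator names are
# placeholders for illustration only, not claims about real registries.
ZONES = {
    ".": "root-operators",
    "com.": "com-registry",
    "uk.": "uk-registry",
    "co.uk.": "uk-registry",      # one entity may run two levels
    "example.com.": "name-holder",
    "example.co.uk.": "name-holder",
}

def ancestors(name):
    """Yield each suffix of name, from the full name up to the root '.'."""
    labels = [l for l in name.strip().lower().rstrip(".").split(".") if l]
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."

def delegation_chain(name, zones=ZONES):
    """Zones on the path to name, root first. Labels that are not zone
    cuts (e.g. 'www' inside example.com) do not appear."""
    return [z for z in reversed(list(ancestors(name))) if z in zones]

def superior_zones(name, zones=ZONES):
    """Every zone above the one that holds name: each is a party the
    name holder is subordinate to."""
    return delegation_chain(name, zones)[:-1]

def distinct_operators(name, zones=ZONES):
    """Operators of the superior zones, de-duplicated in root-first order.
    Each is a separate target for pressure or compromise."""
    seen = []
    for z in superior_zones(name, zones):
        if zones[z] not in seen:
            seen.append(zones[z])
    return seen

if __name__ == "__main__":
    for n in ("example.com", "www.example.co.uk"):
        print(n, superior_zones(n), distinct_operators(n))
```

DNSSEC validation follows the same chain from the root downward, so it authenticates answers against network attackers but leaves every operator in this list in the same position of control.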
