[Freedombox-discuss] Distributed Naming BOF Questions

John Walsh fiftyfour at waldevin.com
Fri Aug 5 03:24:39 UTC 2011


Hi dkg

Thanks for taking the time to give such a comprehensive answer with links :)
Eager to learn

> I agree it's a good idea to be able to use the existing DNS 
> for ease of transition; that doesn't mean that i think the 
> existing DNS is decentralized :(
I think now, "decentralised" was a poor choice of words because it can mean
different things to so many people, but that's the FBX Foundation's words, not
mine. My step towards decentralisation meant moving from
username at facebook.com to username at mydomain.tld, while your step is even
further ;)

> If any of these operators can be compromised, they can take 
> control of the name that you thought you owned.  So it's not 
> just a single point of failure; for any domain in today's 
> DNS, there are potentially multiple parties capable of acting 
> as an SPOF for a powerful adversary to target.
If the FBX does issue domain names, it could reduce the attack surface by
picking a single TLD.

> 
> 
> Note also that DNS (as it is actually used these days) is 
> even more vulnerable than the description above, due to lack 
> of cryptographic authentication.  With DNSSEC in use, 
> problems with network-based attackers are limited, but the 
> vulnerabilities to centralized pressure from powerful 
> adversaries (those outlined above) remain.  But DNSSEC is 
> not used effectively by the vast majority of all hosts on the 
> global network (you'd need cryptographic authentication in 
> your local machine's resolver for that)
Again, if the FBX does issue domain names, can't the foundation pick a host
that uses DNSSEC effectively, or does every host have to use DNSSEC for it
to be effective?
I am just trying to see can we minimise the risks within the existing
system.

> 
> > On a related note, there have been a lot of discussions on this list
> > about "darknet". I have read Wikipedia and I am still confused. If
> > FBX were to use darknet, do I lose contact with my friends on the DNS
> > system? My only wish is that whatever FBX naming scheme is chosen that
> > I will always be contactable without having to change my contact
> > address
> 
> I have yet to hear any concrete proposals for a "darknet" on this list
> -- and note that wikipedia [0] provides multiple definitions; 
> reachable/unreachable, private/public, etc.  Perhaps the 
> folks using the term on this list would like to make it clear 
> at least what they think the advantages and goals of a 
> "darknet" would be?  Without some kind of explicit statement 
> of intent, it's pretty hard to evaluate the proposals.
Thanks for confirming there are currently no concrete proposals for an FBX
"darknet".

> 
> fwiw, i agree with you that it would be silly to create a 
> system that requires you to lose contact with your friends.  
> However, it would also be silly to make a device that just 
> feeds your personal data and relationship information back 
> into the same centralized social gatekeepers many of us are 
> currently subject to.

IMHO, I don't think we can stop feeding our personal data and relationship
information back into the existing system, because unfortunately, we will
not be able to get *all* our family and friends on an FBX. On the upside,
buying an FBX will help me take back my privacy by having my own email
server as opposed to using my ISP's email server. Baby steps. To me that is
so much infinitely better than what I have now, and with respect I think I
would be silly not to buy such a device ;)

Thanks for reading

-- fiftyfour 



