Distributed Naming

Rationale

The ability of FreedomBoxes to name themselves in a secure, censorship-resistant and humanly memorable way is an important part of the project.

The weaknesses of the DNS standard and its centralized, hierarchical structure call for the project to adopt another method of naming.

To be particularly hard to censor, this method must be distributed and decentralized.

Most of the ideas here come from the Distributed Naming BoF that happened during DebConf11.

Issues

Zooko's Triangle

The Zooko's triangle concept tries to outline the issues.

It sums up naming systems in terms of three different problems:

The difficulty is that these properties can be (and most of the time are) mutually exclusive: a secure name can lead to something completely meaningless for a human (e.g. when using hashes). So the conclusion of this paper is to choose two of these requirements.

For more on this, read the Wikipedia page, or Zooko's page.

Interesting implementations

Some other projects already tried to implement such a system. Let's try to list them to compare and see the pros and cons of each one.

Petnames

Starting from the assumptions of the Zooko triangle, some people drafted the petname system.

It is currently implemented as a Firefox extension, but is quite outdated. Some papers can be found on this page or the project's official page.

Namecoin

Namecoin is a domain name system based on Bitcoin. It extends Bitcoin to add transactions for registering, updating and transferring names.

Netsukuku ANDNA

The Netsukuku mesh networking project has implemented ANDNA (A Netsukuku Domain Name Architecture) to provide a decentralized naming system in its network. It could be summed up as hierarchical, distributed, decentralized naming.

i2p

I2P uses a DHT (Kademlia) to distribute its own naming system. From the description on the website:

I2P ships with a generic naming library and a base implementation designed to work off a local name to destination mapping, as well as an add-on application called the addressbook. I2P also supports Base32 hostnames similar to Tor's .onion addresses.

The addressbook is a web-of-trust driven secure, distributed, and human readable naming system, sacrificing only the call for all human readable names to be globally unique by mandating only local uniqueness.
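The trade-off described above, as an added example (not I2P's code): a name derived from a hash of the public key is secure and decentralized but not memorable, while a local addressbook maps human-readable petnames to such names and only requires local uniqueness. The SHA-256/Base32 derivation, the class and method names, and the sample keys are assumptions made for illustration.

```python
import base64
import hashlib


def key_name(public_key: bytes) -> str:
    """Secure, decentralized, but not memorable: a name derived from the key itself."""
    digest = hashlib.sha256(public_key).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


class AddressBook:
    """Local petname -> key-derived name mapping; names are unique only in this book."""

    def __init__(self):
        self._by_petname = {}

    def add(self, petname: str, public_key: bytes) -> str:
        name = key_name(public_key)
        known = self._by_petname.get(petname)
        if known is not None and known != name:
            # Same human name, different key: refuse rather than silently rebind.
            raise ValueError(f"{petname!r} is already bound to {known}")
        self._by_petname[petname] = name
        return name

    def resolve(self, petname: str) -> str:
        return self._by_petname[petname]

    def import_from(self, other: "AddressBook") -> list:
        """Merge a peer's book (web of trust); return petnames that conflict with ours."""
        conflicts = []
        for petname, name in other._by_petname.items():
            # setdefault keeps our own binding when the petname already exists locally.
            if self._by_petname.setdefault(petname, name) != name:
                conflicts.append(petname)
        return conflicts


# Constructed sample keys (fixed byte patterns, not real key material).
ALICE_KEY = bytes(range(32))
MALLORY_KEY = bytes(range(32, 64))


def demo():
    mine, peer = AddressBook(), AddressBook()
    mine.add("alice", ALICE_KEY)
    peer.add("alice", MALLORY_KEY)  # the peer binds the same petname to another key
    peer.add("bob", bytes(32))
    return mine.import_from(peer), mine.resolve("alice") == key_name(ALICE_KEY)
```

The conflict on "alice" is reported and the local binding is kept, which is what local uniqueness buys: a peer's addressbook can add names but cannot redirect one the user already trusts.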

Onion names

Onion names are the naming system used by Tor hidden services.

See the dedicated page on torproject.

CJDNS

A routing engine designed for security, scalability, speed and ease of use. The dream: You type ./cjdns and give it an interface which connects another node and it gives you an ipv6 address generated from a public encryption key and a virtual network card (TUN device) which you can use to send packets to anyone in the cjdns network to which you are connected. A live testing network exists with 15-240 active nodes. (Active nodes count)

anonet2.org resdb

The anonet network uses its own implementation based on a git repo and some scripts that convert its content into zone files readable by DNS servers. It takes advantage of git's distributed nature. Git also helps when more than one person tries to register a domain: others are free to pull from whichever git repo they want for that domain, and if only one official zone is required for this domain, conflicts can still be resolved by discussion.

Sources are only public inside the anonet network, but can probably be obtained on request.

OpenPGP

OpenPGP already uses a decentralized distribution mechanism, the SKS keyserver network. It could be used as a global database where people can search for contacts.

Unmanaged Internet Architecture

UIA is a distributed name system and ad-hoc routing infrastructure which provides zero-configuration connectivity among users' mobile devices without the use of centralized servers.

The source code hasn't been updated since late 2009. It claims to have build dependencies on Apple's Bonjour API (mDNSResponder) and not to be compatible with Avahi (see uianet/README in the UIA sources). However, Avahi's upstream seems to have implemented an mDNSResponder-compatible API since then. This project would probably need a lot of rework.

P2P-DNS

P2P-DNS intends to operate as a distributed and less centralized service hosted by the users of DNS. Its goal is to design a network with no centralized points of failure by replacing the standard DNS hierarchical architecture.

