[dns-operations] blockchain DNS

Phillip Hallam-Baker phill at hallambaker.com
Sat Jan 27 18:42:42 UTC 2018


If we are going to have any sensible discussion on this, forget about
'blockchain' and the bitcoin ponzi scheme. The claim that it won't collapse
the same way as all the dozens of cryptocurrencies before it did is
unproven. The fact that 99% of Bitcoiners are unaware that such schemes
existed fully justifies the name 'Dunning Krugerrands'.

That said, Hash chain notary logs are powerful because they have the
property that they are append only and very very difficult to modify
without being detected.

For the sake of argument, lets say we go back to the original
Harber-Stornetta scheme of 1990 in which the last output of the hash log is
published in the NYT each day. That mechanism is vanishingly difficult to
attack after a few weeks have passed.


So let us imagine that we have a 'first come first served' registry mapping
user friendly names to public keys in which each new claim is enrolled in a
notary log. What properties does that have?

1) The mapping of key to name is one to one and fixed for all time. There
is no feasible means of impersonating a party who has enrolled their
name/key combination.

2) Loss of a key means loss of the use of the name. There is no recovery
system possible.

3) There is no defense against name squatting. A squatter can perform a
permanent DoS attack.

There are schemes of exactly that type and they work damn well. Keybase is
one of them. You don't need accept bitcoin ideology to make use of a really
useful capability.


OK so how do we make such a scheme practical for DNS scale registries? For
the sake of round numbers, lets say that is a billion names. So if each
registration is 1KB, we are only talking about 1TB. It will fit on a single
drive. It will sit on a RAMDisk without exceptional cost. There is no
reason to think such a registry is technically difficult to manage.

Main issue would be on the social side. There would have to be some
mechanism to prevent domain name squatting and to permit recovery of 'lost'
registrations.

Domain squatting is of two types. The first is when someone fails to
register their name at all. At this point, any corporation that does not do
this can be fairly called out as negligent and told its their own fault as
far as DNS registrations in .COM are concerned. The second type of
squatting is homograph and homophone squatting. So some dispute resolution
process is essential.

OK, so there is a UDRP like process, though rather narrower in scope than
ICANN's and there is some mechanism whereby these arbitration bodies can
post messages that override the first come rule.

Lost registrations can be handled in a similar fashion. At some point, a
judgement call has to be made to find the balance between preventing domain
theft and mitigating the consequences of careless name holders.


If we were to redesign the DNS from scratch, we would undoubtedly use
exactly this approach. But at this point we are not doing that.

I am using very similar techniques in the Mesh and there is a real
possibility that name registrations in something like the Mesh could
eventually become a replacement for the DNS infrastructure. At some point,
people are going to want to go to microsoft and not microsoft.com and the
ICANN approach of demanding ridiculous half million dollar rents is just
not sustainable.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20180127/49f716ca/attachment.html>


More information about the dns-operations mailing list