[dns-operations] blockchain DNS

Jimmy Hess mysidia at gmail.com
Mon Jan 29 18:32:09 UTC 2018


On Sat, Jan 27, 2018 at 1:16 PM, John R Levine <johnl at taugh.com> wrote:


> For every Sci-Hub, there are a dozen Daily Stormers and a thousand fake
> phish banks, fake "Canadian" pharmacies, and other malicious sites.


The DNS registry is not (or should not be) the content police force; they
may be targeted because the central entity appears a "responsible"
authority for the presence of a domain in the DNS: they are a convenient
entity to send orders to, and can easily disrupt availability to a
domain -- even if the website is located in another jurisdiction: e.g.
the registry or a Root server may be in the US, and the website, and its
users in the UK or Russia.

The larger concern with the traditional DNS is that if a content publisher
and the viewing user are in country B, and the .COM or some
internationally-used ccTLD's infrastructure is in country A, then country A
can and will eventually try to apply their own policies and censor
country B users' access even to a domain that is legitimate in country B
-- with no way of restoring access according to the laws of country B, or
the registrar may be directed to tamper with DNSSEC published data allowing
impersonation of a domain registered from country B.

Country A might also seek to interfere by altering the content of query
responses to locally-hosted root servers traversing from a Country B
origin to a Country C destination (but routed through A).

If censorship is a "Necessary" feature, then it could be implemented in
other ways, while a decentralized blockchain-based host naming and
discovery database would be able to ameliorate the situations above.

A thought would be to deal with malicious websites.... you can think about
a "Reputation data" chain, (potentially) -- that could also just be
implemented using existing RPZ technology without a reputation blockchain;

But in a similar way you can publish and discover resolution data; you
can have a way for 3rd parties to publish and you to discover "Reputation
Data" -- or "User Advisories against domain X".

Then the resolvers can subscribe to the data provided by the
appropriate regional censorship authorities and "malicious sites info
providers" to interdict DNS queries regarding domains of interest.

-- 
-JH
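
The feed-subscription idea in the message above, as an added example that is not part of the original post: a minimal Python evaluator for RPZ-style QNAME rules across several subscribed feeds, where the first feed with a match wins. The feed names and entries are constructed sample data, and only the standard RPZ CNAME action encodings are handled.

```python
# Added illustration: RPZ-style QNAME policy lookup over ordered feeds.
# Feed names and entries below are constructed sample data.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def parse_feed(text):
    """Parse 'owner CNAME target' lines; owner is relative to the policy zone."""
    rules = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) != 3 or fields[1].upper() != "CNAME":
            continue
        owner, _, target = fields
        if target in ACTIONS:  # only the standard action encodings are handled
            rules[owner.lower().rstrip(".")] = ACTIONS[target]
    return rules

def lookup(rules, qname):
    """Exact match first, then the longest (most specific) wildcard."""
    name = qname.lower().rstrip(".")
    if name in rules:
        return rules[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        action = rules.get("*." + ".".join(labels[i:]))
        if action:
            return action
    return None

def decide(feeds, qname):
    """feeds: ordered list of (name, rules); the first feed with a match wins."""
    for feed_name, rules in feeds:
        action = lookup(rules, qname)
        if action:
            return feed_name, action
    return None, "RESOLVE"

FEEDS = [
    ("local-allow", parse_feed("good.example CNAME rpz-passthru.")),
    ("malware-feed", parse_feed("""
        phish.example    CNAME .   ; NXDOMAIN for the apex
        *.phish.example  CNAME .   ; and for every subdomain
        good.example     CNAME .   ; overridden by local-allow above
    """)),
    ("regional-feed", parse_feed("*.blocked.example CNAME *.")),
]
```

Feed order is the resolver operator's choice, so a local passthru entry overrides a third-party listing, and a wildcard rule does not cover the apex name itself.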