[p2p-hackers] .p2p domain

David Barrett dbarrett at quinthar.com
Mon Dec 6 00:51:25 EST 2010


Agreed on it not going anywhere anytime soon.  I think they haven't been 
clear on what problem they're trying to solve.  If it's to prevent 
government seizures of the domain, I'd suggest that be built into the 
existing DNS infrastructure in a backwards-compatible fashion.  Ideally 
this would be part of DNSSec (though I don't think it is) as something like:

1) When the domain is registered (and renewed), record the new owner's 
public key in a big TXT record.

2) When the domain's DNS record is changed in any way, sign it with that 
public key.  (This means only the owner can actually update the DNS record.)

3) On the client (or recursive DNS server) side, cache a domain's public 
key (if available) until its registration expires.  (The "TTL" for the 
key is independent from the TTL of the record itself.)

4) When renewing the record, refuse any unsigned change, or change whose 
signature fails.

5) (This is the big one) If a domain is signed, when the domain record's 
TTL expires, don't flush the cache -- just attempt to renew.  If you 
can't renew, keep the old values.  (This one is costly as it means you 
essentially never flush signed domain values from your cache.)

The goal is to ensure that even if the ICANN, Verisign, your registrar, 
and the USG all conspire against you, your domain still continues to 
function to a large degree.


Furthermore, even if you were to do some P2P DNS approach (which I think 
should just be called DDNS), it should again be a fallback to regular 
DNS.  Basically, in the above scenario, only search the P2P network if 
it turns out that the registrar has an invalid record.  In 
99.99999999999% of cases, normal DNS will be correct, faster, easier, 
more reliable, more efficient, etc.  DDNS should be used 0.00000000001% 
of the time.  But its existence will prevent anybody from trying to 
seize domains in the first place, so it's OK if it's only used in very 
extreme scenarios.

-david



On 11/30/2010 06:30 PM, Tony Arcieri wrote:
> Surprised someone else hasn't linked this yet:
>
> http://torrentfreak.com/bittorrent-based-dns-to-counter-us-domain-seizures-101130/
>
> So some folks think a BitTorrent-powered .p2p domain is a good idea as
> an alternative to ICANN. Some are even suggesting the system should be
> distributed:
>
> http://dot-p2p.org/index.php?title=Distributed_decision_example
>
> Somehow I don't really see this going anywhere any time soon.
>
> --
> Tony Arcieri
> Medioh! A Kudelski Brand
>
>
>
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers at lists.zooko.com
> http://lists.zooko.com/mailman/listinfo/p2p-hackers
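
Steps 3 to 5 of the message above, sketched as a resolver-side cache. This is an added example, not code from the thread or from any DNS implementation. The `PinnedCache` class, the answer fields (`value`, `ttl`, `sig`, `pub`, `reg_expires`), pinning the key the first time it is seen, and the toy textbook-RSA key pair are assumptions for illustration; updates are signed with the private half of the pinned key pair.

```python
import hashlib

# Constructed toy key pair: textbook RSA over two Mersenne primes (illustration only).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
OWNER_PUB = (P * Q, E)
OWNER_PRIV = pow(E, -1, (P - 1) * (Q - 1))

def _digest(name, value, n):
    data = f"{name}|{value}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(name, value, priv, pub):
    return pow(_digest(name, value, pub[0]), priv, pub[0])

def verify(name, value, sig, pub):
    return sig is not None and pow(sig, pub[1], pub[0]) == _digest(name, value, pub[0])

class PinnedCache:
    """Hypothetical resolver cache for steps 3-5; fetch(name) returns an answer dict or None."""
    def __init__(self, fetch):
        self.fetch, self.entries = fetch, {}

    def resolve(self, name, now):
        e = self.entries.get(name)
        if e and now < e["expires"]:
            return e["value"], "cached"
        ans = self.fetch(name)
        if e and e["pub"] and now < e["pin_until"]:
            # Steps 4 and 5: a pinned name only changes via a valid signature;
            # on a failed renewal or bad signature the old value is kept, not flushed.
            if ans is None:
                return e["value"], "kept: renewal failed"
            if not verify(name, ans["value"], ans.get("sig"), e["pub"]):
                return e["value"], "kept: bad signature"
            e.update(value=ans["value"], expires=now + ans["ttl"])
            return e["value"], "renewed"
        if ans is None:
            self.entries.pop(name, None)
            return None, "unresolved"
        # Step 3: pin the key until registration expiry, independent of the record TTL.
        pub = ans.get("pub")
        if pub and not verify(name, ans["value"], ans.get("sig"), pub):
            pub = None  # advertised key does not match the signature: treat as unsigned
        self.entries[name] = dict(value=ans["value"], expires=now + ans["ttl"],
                                  pub=pub, pin_until=ans.get("reg_expires", 0))
        return ans["value"], "pinned" if pub else "unsigned"
```

The cost noted in step 5 shows up here as entries that are never evicted while `pin_until` is in the future.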

