Monday 6 December 2010

My ideas for DNS-P2P

First of all, see my previous post on dynamic DNS using DHT and asymmetric crypto keys. I am going to reuse ideas from there.

Basic idea: we want static, globally unique names for web sites and servers. We want to avoid centralization, so there will be no single organization like ICANN in charge of the namespace.
This Domain Name System asks peers instead of a single server for IP addresses, hence the P2P in the name.

So here it goes:
Every site has a master key pair. This is important: everything else for the domain chains back to it, so the master private key should be kept offline and used only to sign host keys and records. This key should be large, maybe a 16 kbit RSA key.
Every host (an individual computer that acts as a server for a domain) has a key pair of its own. The host's public key is signed by the domain's master key.

All these public keys are stored in the peer network using a DHT. The IP addresses and all the other DNS data are also stored in the DHT, and they are signed.
To access a site, you ask for the public key by its checksum (hash). Then you verify the DNS data that comes back by checking the signatures and the time stamps; the signatures prove the data came from the master key, and the time stamps stop a peer from replaying an old record that the owner has since replaced.

The checksum-based domain names would be in hexadecimal format, like this, except that the digits would come from the actual hash rather than this placeholder: 0123456789abcdef0123456789abcdef.pkh.p2p
Pkh stands for "public key hash"; a cryptographic hash of the public key is what the previous paragraph calls a checksum. I would prefer something else, but I don't know what would be better.

The readable domain names, like website.p2p, would be "mapped" to the hash-based ones. That means that when you ask for website.p2p, you get back the hash-based domain name.
When you ask for the hash, you get the master public key, the host keys, and the DNS data such as IP addresses.
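Here is a worked version of the key hierarchy, the DHT storage and the lookup-and-verify step from the paragraphs above, written for this page as an added example rather than code from the post. It assumes Ed25519 in place of the 16 kbit RSA master key (the verification logic is the same), a SHA-256 hash of the master public key truncated to 128 bits as the pkh name, and a plain Go map standing in for the peer network. The names Record, SignedHost, Publish, Resolve and PkhName are invented for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// SignedHost is one host's public key plus the master signature that binds it to the domain.
type SignedHost struct {
	Pub ed25519.PublicKey
	Sig []byte // master signature over Pub
}

// Record is everything stored in the DHT under a pkh name: the master public key,
// the signed host keys, the address data and a timestamp, all signed by the master key.
type Record struct {
	MasterPub ed25519.PublicKey
	Hosts     []SignedHost
	Addrs     []string
	Timestamp int64  // unix seconds when the record was published
	Sig       []byte // master signature over payload()
}

// payload is the canonical byte string the master key signs (JSON of a struct is deterministic).
func (r Record) payload() []byte {
	b, _ := json.Marshal(struct {
		Hosts     []SignedHost
		Addrs     []string
		Timestamp int64
	}{r.Hosts, r.Addrs, r.Timestamp})
	return b
}

// PkhName derives the hash-based domain name from the master public key.
// Assumption: SHA-256 truncated to 128 bits, i.e. the 32 hex digits of the post's example.
func PkhName(master ed25519.PublicKey) string {
	h := sha256.Sum256(master)
	return hex.EncodeToString(h[:16]) + ".pkh.p2p"
}

// Publish builds and signs a record; only the holder of the master private key can do this.
func Publish(masterPriv ed25519.PrivateKey, hostPubs []ed25519.PublicKey, addrs []string, now time.Time) Record {
	rec := Record{MasterPub: masterPriv.Public().(ed25519.PublicKey), Addrs: addrs, Timestamp: now.Unix()}
	for _, hp := range hostPubs {
		rec.Hosts = append(rec.Hosts, SignedHost{Pub: hp, Sig: ed25519.Sign(masterPriv, hp)})
	}
	rec.Sig = ed25519.Sign(masterPriv, rec.payload())
	return rec
}

// DHT stands in for the peer network: any peer can write any name, so nothing read
// from it is trusted until Resolve has checked it.
type DHT map[string]Record

// Resolve fetches a pkh name and verifies the answer: the master key hashes to the name
// that was asked for, the master signature over the data holds, every host key is
// endorsed by the master key, and the timestamp is neither stale nor in the future.
func Resolve(d DHT, name string, now time.Time, maxAge time.Duration) ([]string, error) {
	rec, ok := d[name]
	if !ok {
		return nil, errors.New("no record for " + name)
	}
	if PkhName(rec.MasterPub) != name {
		return nil, errors.New("master key does not hash to the requested name")
	}
	if !ed25519.Verify(rec.MasterPub, rec.payload(), rec.Sig) {
		return nil, errors.New("master signature over DNS data is invalid")
	}
	for _, h := range rec.Hosts {
		if !ed25519.Verify(rec.MasterPub, h.Pub, h.Sig) {
			return nil, errors.New("host key is not signed by the master key")
		}
	}
	ts := time.Unix(rec.Timestamp, 0)
	if ts.After(now.Add(time.Minute)) || now.Sub(ts) > maxAge {
		return nil, errors.New("record timestamp is stale or in the future")
	}
	return rec.Addrs, nil
}

func main() {
	masterPub, masterPriv, _ := ed25519.GenerateKey(rand.Reader)
	hostPub, _, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	dht := DHT{}
	name := PkhName(masterPub)
	good := Publish(masterPriv, []ed25519.PublicKey{hostPub}, []string{"192.0.2.10"}, now) // constructed sample address
	dht[name] = good
	fmt.Println(Resolve(dht, name, now, 24*time.Hour)) // genuine record: addresses, no error
	// A peer swaps in a record under its own key: the key hashes to a different name.
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)
	dht[name] = Publish(rogue, nil, []string{"198.51.100.9"}, now)
	fmt.Println(Resolve(dht, name, now, 24*time.Hour))
	// A peer replays the genuine record long after it was published: the timestamp check fails.
	dht[name] = good
	fmt.Println(Resolve(dht, name, now.Add(72*time.Hour), 24*time.Hour))
}
```

The order of checks in Resolve matters: the name-to-key hash check comes first, because until it passes the signatures prove only that someone signed something, not that the data belongs to the name you asked for. The freshness window (maxAge) is the resolver's policy, not the publisher's; a publisher that wants records to stay valid longer has to re-sign them periodically.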

The real issue that still has to be solved is how to make the readable domain names globally unique and secure; nothing in the scheme above proves who owns a readable name.
I guess we have to go for "majority-unique", such that website-a.p2p points to the same site for most users. We probably have to accept "subscriptions" or "moderation services" that manage situations where several people want the same domain name; these would be optional to use and decentralized themselves.

I will write more about this in the future.

Posted via email from Nat's blog
