
Distributed Internet Name System

This is idle reasoning; I don’t have any code or even a description of the interaction protocol. Original research in its pure form, as Wikipedia calls it.

... We need a site identification system in which determining the domain does not depend on the will of third parties. More precisely, to get away from DNS terminology: just a name, and the set of resource records associated with it.

Obviously, this is achieved by a digital signature over the name. In that case, changes made by other people to the zone's RRs will not be accepted. The only question is what counts as a valid signature.
Here, it seems to me, the GPG/PGP system is worth considering, as the less centralized one. (As a reminder, there are two key-management models, PKI and GPG.) PKI provides binary trust: either we trust within the certification authority's policy or we do not. A person has a set of root certificates that he trusts, and other CAs and certificate holders are certified through them.

The GPG model takes a different approach. Instead of many authoritative CAs that the user trusts (which, in the reality of modern browsers, means that the browser vendor decides for the user), the user has only one absolute center of trust: himself. If he has signed that A = B, then we can definitely assume that A = B (in our case, this means that B can sign A's data, and that this is true). We have people (acquaintances, services on the Internet, etc.) with different levels of trust in their signatures, and the total trust is calculated from the signatures.

For example, if a close buddy who definitely will not sign nonsense says that A = B, then it probably is. If the majority of friends consider that thepiratebay.org = 194.71.107.15, then it probably is, no matter how hard Google (with a trust level of 5 out of 10) tries to convince us of the opposite.

Thus, the name system looks like this: a person visits a site (leaving aside how he learned the first name; this is a chicken-and-egg problem, and it was already solved when DNS was launched, not to mention the possibility of using DNS as a kickstart for the new system) and sees a link. The link refers to a name and the hash of a signature.

If a person wants to access the resource, then he (the person and the browser acting for him) checks which hash is the most authoritative for the specified name, using the “friend bases”. If there is a consensus, the person goes to the specified site. If there is disagreement, a list appears:
vodka: Homepage about homemade vodka: 7.3 points (Misha 3 points, natsu 3 points, google 1.3 points), PGP key ABC687A687684CFA3 ...
vodka: best site about vodka, site selling for vodka, vodka for selling: 1.31 points (yandex 1.3 points, kibersquater 0 points, sellingdomains 0 points, somerandomcontact 0.01 points).
vodka: under construction: 0.1 points (Vasya Pupkin 0.1 points).


If a person believes that a particular entry really corresponds to the site's name, he puts his own signature on that entry. From that moment on, no efforts of the RIAA, the USA, the bloody KGB, etc. will make the signature invalid. If the site changes its address, it re-signs the new entry (and we, trusting B in the matter of signing for the site “A”, automatically trust the new entry).

If we have lost our trust list, we can restore it from the contacts of acquaintances (from the keyring); with high probability, people in the same circle will have the same opinion about which site is which.

Additionally, a few points are awarded for regular visits to a site (if we keep visiting it, then it is the right one).
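
The scoring described above (trust-weighted signatures, a ranked list on disagreement, small points for visits), as an added example that is not part of the original post. The rule "consensus means exactly one candidate with a positive score", the placeholder key ids, the visit_bonus parameter and the integer hundredths-of-a-point scale are assumptions; endorsements are assumed to have had their signatures verified already.

```python
from collections import defaultdict

# Local trust table: how much *this user* trusts each signer, in hundredths
# of a point (values from the "vodka" listing). Unknown signers count as 0.
TRUST = {"Misha": 300, "natsu": 300, "google": 130, "yandex": 130,
         "kibersquater": 0, "sellingdomains": 0, "somerandomcontact": 1,
         "Vasya Pupkin": 10}

# Constructed sample data: (name, key id, signer). Key ids are placeholders.
# Assumption: each tuple is an endorsement whose signature already verified.
ENDORSEMENTS = [
    ("vodka", "KEY-A", "Misha"), ("vodka", "KEY-A", "natsu"),
    ("vodka", "KEY-A", "google"),
    ("vodka", "KEY-B", "yandex"), ("vodka", "KEY-B", "kibersquater"),
    ("vodka", "KEY-B", "sellingdomains"),
    ("vodka", "KEY-B", "somerandomcontact"),
    ("vodka", "KEY-C", "Vasya Pupkin"),
    ("bread", "KEY-D", "Misha"), ("bread", "KEY-D", "natsu"),
]

def score(name, endorsements, trust, visits=None, visit_bonus=1):
    """Rank candidate keys for a name by the summed trust of their signers."""
    seen, totals = set(), defaultdict(int)
    for n, key, signer in endorsements:
        if n != name or (key, signer) in seen:
            continue                          # replayed endorsements add nothing
        seen.add((key, signer))
        totals[key] += trust.get(signer, 0)   # strangers (sybils) add nothing
    # Small bonus for keys we ourselves keep visiting (hypothetical weighting).
    for key, count in (visits or {}).get(name, {}).items():
        totals[key] += visit_bonus * count
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

def resolve(name, endorsements, trust, visits=None):
    """Return ('consensus', key) or ('ask_user', ranked candidates)."""
    ranked = [(k, s) for k, s in score(name, endorsements, trust, visits)
              if s > 0]
    if len(ranked) == 1:                      # every trusted signer agrees
        return "consensus", ranked[0][0]
    return "ask_user", ranked                 # show the list, as for "vodka"

if __name__ == "__main__":
    print(resolve("vodka", ENDORSEMENTS, TRUST))
    print(resolve("bread", ENDORSEMENTS, TRUST))
```

Because a signer's weight comes only from the local trust table, any number of unknown keys endorsing a binding leaves the ranking unchanged.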

In this model we get a fully distributed naming system for sites, tied to no one except the person and his friends. First, there is no single point of vulnerability (no IPs that can be blocked, no organizations that do the allocating); second, the cybersquatting problem is solved automatically, because no one cares about an empty name.

It is clear that in this model there are a lot of questions:

Source: https://habr.com/ru/post/104715/

