Distinguishing namespace
12-11-2010, 12:46 AM
Post: #1
In short: below ideas are from my old pworlds project. Name resolving was was not that distributed as we want it now. So . . . === First: distinguishing new namespace and method of resolving: .. That is: TWO DOTS at the end of any string not preceded by either slash or backslash. I was using iso locale originally - now it can be any utf8 string. so below line would be valid uri to retrieve file over http: http://Home Page of Joe Doe../robots.txt resolver hacks for get this separated are for 1stgrader homework. Real identifier was a md5 hash of said String (NSTR) normalized to lowercase with all consecutive white space characters changed to 0x20 and leading/trailing whitespace removed. This hash value was then appended with crc32 of the normalized NSTR (in anticipation of rare collisions). Hash value plus 4B of crc was afair called DNH (distinguished name hash). The top of namespace consisted of national roots mesh [pl-NRS] ... [de-NRS] ... [us-NRS] All root servers were meant to keep exact copy of all registered Strings in so called NOPTR records. [ I think that every reader see where censorship puts [ in: any national root can blacklist any NOPTR it deems [ 'inappriorate' so Germans would not see nazi memorabilia [ nor Saudians would see any milky tit. Or by clone accident [ whole world would see neither. [ Unless _all_ NSRs agreed to remove particular NOPTR [ this was mitigated by requirenment of any lower rank [ nameserver to reply with recursive NOPTR copy of its [ (nameserver) national root. NOPTRs were indexed by DNH and consisted of: - DNH - REGDT registration datetime in unix epoch - NSTRK pgp public key of NSTR owner. [***] - ROOTS NRS pgp signature of above - WGP0 (WG stands for World Gate) - WGP1 - WGP2 - WGP3 up to four WG addresses (ipv4 then). [***] there were also fields for registrar DNH/sig expiration date, owner area and affiliation fields (ie gov, science, edu, private etc) It is not relevant now. Nothing more was really kept at NSRs db. 
[ I'll omit 'register' and 'dispute' protocols and a [ few other things because its irrelevant now; [ nor I do remember them as good as core ideas. Whats World Gate? It was a real resolving nameserver. Be it at NSTR owner desk, be it at NSTR owner's ISP. WG served usual NS records (A, MX..) and three new types of records: ^ GAUT ^ SPTR.service ^ NOPTR (sic!) GAUT is Gate authorization record - DNH - GAT address/port (has to be this WG address/port) - NAT address/port/key (multiple) - NXT address/port/key (multiple) - TUN address/port/key tuples (multiple) - NSTRS owner signature SPTR.service record consisted of - DNH - SRNAM service recognized name - SRPRO service l5 protocol - SRADR service address:proto:port (multiple) - NSTRS owner signature. Ie SPTR.gopher Fa2..87c,GOPHER:gopher://,1.1.1.1:tcp:70,2.2.2.2:udp:11976,signature For simple example http://Whoallelujah.. resolver worked in that way: 1 - compute DNH from string 2 - ask your configured caching NS for NOPTR(DNH) [ if NOPTR is not in cache, NRS gets hit, usual SOA cache directives apply ] 3 - check signature on fields above ROOTS with NSR key (all NSRs pubkeys are in resolver config) 4 - ask WG of WGP address for GAUT(DNH) 5 - check NSTRS owner signature on GAUT. If valid and ip we are connected to equals GAT, we are at good place. 6 - *** explained later 7 - ask for specific record 8 - check NSTRS owner signature on it. 9 - return requested data to caller. Why WG can serve NOPTR? NOPTR served from WG is a delegation. WG becomes NSR for that record at the twodots boundary. [imagine weird-molecules.ozzoone-shacklet.com delegation] In new notation we will use url: http://ozzoone shacklet .. 
weird molecules/thc_on_steroids.tiff -------................--^-...............- __delegation_boundary____^ delegated NSTR and our resolver does: 1 - compute DNH(s) from string(s) 2 - ask configured caching NS for NOPTR(DNH) 3 - check signature on fields above ROOTS with NSR key (all NSRs pubkeys are in resolver config) 4 - ask WG of WGP address for GAUT(DNH) 5 - check NSTRS owner signature on GAUT. If sig is valid and ip we are connected to equals GAT, we are really at good place. 6 - IF there is more DNHs to resolve in that query If GAUT.TUN or NAT are not empty, use them [explained later] If GAUT.NXT is not empty, it become current WG address. FOR each DNH in DNHs: 6a - ask current WG for NOPTR(DNH) 6b - check signature on fields above ROOTS with current WG key 6c - ask WG of WGP address for GAUT(DNH) 6d - check NSTRS owner signature on GAUT 6e - if TUN/NAT are not empty, use em [explained later] 6f - if NXT is not empty, its next loop WG to ask address 6f'- else WGP of current NOPTR is next loop WG address LOOP 7 - ask for specific record 8 - check NSTRS owner signature on it. 9 - return requested data to caller. What is NAT? It was my solution for 'end of v4 space'. If that field was not empty, IP packets were (meant to) be encapsulated for reverse NAT, routed to outer (public) address then routed in private (ie organization) space to its destination described by relevant SPTR record. What is TUN? It is for onion tunnels. I called it 'N-Worlds' hence there is WG ;). In brief if TUN fields were filled in, tunnel was set up to TUN.ip:port using TUN.key before next delegation loop. Userland caller was then given local tunnel entry as resolved ip. It was for any app to be secured just by using new resolver. Anticensorship solution: Any compliant WG MUST provide answer to NOPTR(DNH) query, IOW if is queried for DNH that is not in its database, WG MUST recursively query its NSR for that DNH and then return answer. 
If it accidentaly has identical delegated NOPTR, client will fail to verify NSR signature and will try another WG it knows of. I had also reverse lookup for 1st tier done. But nowadays it is not really needed anymore. P.S. Your IODNS features list lacks: - ability to lawful dispute then forced change of ownership of registered name. I know it opens censorship possibilities. I also do know that no operator of real service, even one with hard remop experiences, will withstand storm stem from wise kenian boy registering coca-cola general motors riaa and scjentology names. Regards, Ohir. -- Wojciech S. Czarnecki << ^oo^ >> OHIR-RIPE -- Wojciech S. Czarnecki OHIR-RIPE |
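The two-dots boundary and the DNH derivation from the post above, as an added Python example that is not part of the original post or of pworlds; the UTF-8 encoding of the normalized NSTR, the collapsing of whitespace runs to one 0x20, the big-endian byte order of the crc32 tail and all function names are assumptions.

```python
import hashlib
import re
import zlib

# Namespace boundary from the post: two dots NOT preceded by a slash or backslash.
_BOUNDARY = re.compile(r"(?<![/\\])\.\.")

def normalize_nstr(nstr: str) -> str:
    """Normalize a name string (NSTR): lowercase, runs of whitespace collapsed
    to a single 0x20, leading/trailing whitespace removed. Collapsing runs
    (rather than mapping each char to 0x20) is our reading of 'consecutive'."""
    return re.sub(r"\s+", " ", nstr).strip().lower()

def dnh(nstr: str) -> bytes:
    """Distinguished Name Hash: md5(normalized NSTR) + 4 bytes crc32(normalized NSTR).
    UTF-8 encoding and big-endian CRC byte order are assumptions, not from the post."""
    norm = normalize_nstr(nstr).encode("utf-8")
    crc = (zlib.crc32(norm) & 0xFFFFFFFF).to_bytes(4, "big")
    return hashlib.md5(norm).digest() + crc

def dnh_hex(nstr: str) -> str:
    return dnh(nstr).hex()

def split_namespace(url: str):
    """Return (scheme, [NSTR, ...], path). An empty NSTR list means the
    authority holds no '..' boundary, i.e. a conventional DNS name for the
    old resolver. Otherwise the first NSTR is the root-registered name and
    later ones are delegated NSTRs, in the order the resolver walks them."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError("expected scheme://authority/path")
    slash = rest.find("/")
    authority, path = (rest, "") if slash < 0 else (rest[:slash], rest[slash:])
    if not _BOUNDARY.search(authority):
        return scheme, [], path
    names = [seg.strip() for seg in _BOUNDARY.split(authority)]
    return scheme, [n for n in names if n], path

def dnh_chain(url: str) -> list:
    """Step 1 of the delegated resolver: DNH(s) from string(s), hex-encoded."""
    return [dnh_hex(n) for n in split_namespace(url)[1]]

if __name__ == "__main__":
    # Sample URLs constructed from the post's own examples.
    for u in ("http://Home Page of Joe Doe../robots.txt",
              "http://ozzoone shacklet .. weird molecules/thc_on_steroids.tiff"):
        print(u, "->", split_namespace(u)[1], dnh_chain(u))
```

A resolver would feed the returned list to the NOPTR/GAUT loop: the first DNH goes to the configured caching NS, each later one to the WG named by the previous hop.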