Threaded Mode | Linear Mode

***lauren*** · 12-26-2010, 08:45 AM

When I say an IDONS goal is "no central registries," I'm talking about the concept of outside entities to whom you must go (and typically pay money on an ongoing basis) to obtain names -- the current model.

Use of outside systems to supplement local capabilities for maintaining the local naming databases, etc. does not constitute central registries under my definitions.

As for fallback roles for search engines and the like, it sounds like some borderline paranoid (anti-Google?) reasoning is creeping into the statements of some participants, and that has no place here.

Any role for search engines (beyond the discovery role which is obvious and necessary) related to IDONS would not cede them control -- there would still be no central IDONS control -- but simply leverage their resources as an additional fallback mechanism for unusual situations.

If they were unavailable or refused to serve associated data entries to anyone for any reason (the latter would burn their reputation fast, and why would they want this?) then IDONS users who had fallen back to them would be in no worse shape than they would have been otherwise. In other words, search engine data in a non-discovery role would be for secondary use, not primary, and you're not going to even look at secondary unless primary fails. As I noted, data would be signed so integrity is not an issue.

As for why they would participate at all, serving ads isn't the only vector of interest for search engines. How many ads have seen through Google DNS? Uh, zero of course. Google, for example, which as we know owns YouTube, is very interested in systems that could provide better locality data for servers, a problem that has been exacerbated by the existing DNS structure. I discussed this in a bit more detail here.

IDONS will need major support to be successful. Without it, getting beyond the "alternative root" type mindset will be very difficult or impossible, and the existing "domain-industrial complex" will simply chuckle and continue unimpeded. We should be thinking about ways that friendly major entities interested in this work can be brought into the fold, not ways to exclude them.

Finally for this note, it is possible that the existing DNS might be usable as a transition tool for some IDONS names for a limited period of time. But the actual implementation issues associated with doing so effectively in a useful manner are not trivial.

--Lauren--

eternaleye · 12-26-2010, 05:14 PM

(12-26-2010 08:45 AM)lauren Wrote: As for fallback roles for search engines and the like, it sounds like some borderline paranoid (anti-Google?) reasoning is creeping into the statements of some participants, and that has no place here.

I'm in no way anti-Google - My idea of the ideal job is to be a sysadmin there. I just am taking the idea of being censorship-resistant to its logical conclusion, in which regardless of how trustworthy we feel an entity may be, we are still acting irresponsibly if we do not take every opportunity to limit the ways they can cause damage if they cease to be trustworthy in the future.

Engineering is about stochastic failure models, where something may go wrong, but that's simply because there was a certain likelihood of it happening at any time.

Security engineering is about finding every single way it could fail, and doing one's best to mitigate every one. It *requires* the assumption that any party could be malicious, and thus must be hedged into a position where harm is difficult or impossible to effect.

If we want it to be censorship-resistant, we must treat it as a security engineering exercise, because numerous parties, on the scale of nation-states, will have a vested interest in subverting it.

eternaleye · 12-26-2010, 05:17 PM

(12-26-2010 06:09 AM)jfw Wrote:
(12-26-2010 01:37 AM)eternaleye Wrote: In the future, the ideal situation is one in which DNS is no longer used and IDONS is the sole name resolution system.

What do you mean with "DNS no longer used"? Do you refer to the DNS hierachy of registered names or the DNS name resolution protocol?

So far I do not see why the protocol needs to be touched at all.

DNS as a protocol is incompatible with the goals of IDONS - it requires that there be central, trusted registries. IDONS will have to be both an architecture (for managing names etc.) and a protocol (for resolving names). This makes it occupy the same problem- and solution-space as DNS while having more features, and it is thus natural for it to eventually displace it.

eternaleye · (This post was last modified: 12-26-2010 08:04 PM by eternaleye.)

(12-26-2010 06:18 AM)jfw Wrote:
(12-25-2010 12:22 AM)Joe Wrote: Also, the question of how much we can trust the search engine becomes an issue. I'd actually recommend that, rather than trying to be 100% reliable and inevitably failing, we simply say "roughly X% of the network would have to fail to lose an address" and leave it at that.

That's why I propose the idea to run registries at multiple independant sites without central control. See also this posting:
http://forums.gctip.org/thread-89-post-291.html#pid291

Example: with byzantine consent, your X% become slightly more that X=30.

A couple things. One, that's a quote of me, not Joe. Two, if we use a DHT as the basis we get roughly the same effect, without the difficulty of managing a multi-root DNS-like system, which has drawbacks (Joe suggests something similar here ( http://forums.gctip.org/thread-85-post-264.html#pid264 ), while rev412 shows that this merely abstracts the problem by one step without solving it ( http://forums.gctip.org/thread-85-post-267.html#pid267 ) )

I think what we need is a single, coherent namespace that is nonetheless not run by a single entity. DHTs serve this well. If we did it as your post that you linked to describes, each individual "phone book" can be sued to remove the relevant name, while the identifier remains. Despite the fact that the identifier, and therefore the content, is still available, the name by which people would have found it is gone, and thus the system has been at least partially censored. In my opinion, this is unacceptable and unnecessary. A true distributed data structure, be it a DHT or something else, is not vulnerable to such attacks. Not only are the identifiers impossible to censor, so are the names, unlike the architecture you describe.

I am of the firm opinion that all censorship is bad censorship. If a record is lost for any reason aside from:
1.) Catastrophic and unavoidable damage to the system
2.) The owner of the record has decided of their own free will they no longer desire it to exist
3.) The record is no longer valid (points to a nonexistent identifier, etc.) and is therefore useless
I feel that the system has failed in its goals.

Joe · 12-27-2010, 12:20 AM

(12-26-2010 08:45 AM)lauren Wrote: As for fallback roles for search engines and the like, it sounds like some borderline paranoid (anti-Google?) reasoning is creeping into the statements of some participants, and that has no place here.

So instead of addressing the valid technical concerns brought up by myself and others, we're going here? This is a logical fallacy. I happen to think Google is a great company. But that doesn't have anything at all to do with the technical discussion.

Pretty much any search engine is owned by a corporation. The corporation's primary responsibility is to make money for its stockholders. In addition, the corporation itself is a centralized source of control which is in turn subject to external governmental control.

If we intend to build a robust system that includes as a core requirement "No centralized control", then we cannot include dependencies on any corporation.

To build a system that depends on the relative "goodness" of any corporation is not realistic. Making guesses about how their future behavior will affect their reputation - and how much that will even matter to them - is also not realistic. Their incentives don't align with what is best for IDONS over the long term. This is true whether we're trusting them not to delete or tamper with IDONS data, or depending on them to store IDONS data at all.

It is illogical to rely on an unrelated entity with its own agenda (good, bad, or otherwise) to provide a fallback service that we can provide ourselves. Further, it is illogical for IDONS to rely on an entity - which in turn relies on IDONS - as a fallback position.

This is not an anti-Google rant or even paranoia. It is simple reality.

- Joe

***lauren*** · 12-27-2010, 09:06 AM

I deal with anti-Google paranoia all the time -- my inbox is "graced" with such ramblings on a daily basis. Believe me, I know it when I see it starting to creep into a conversation. For some reason, the people who get so concerned about Google usually fail to remember that the real choke point on the Net is their own ISPs.

In any case ...

IDONS nodes will also be owned by large corporations with significant resources, as well as individuals with extremely limited resources, often at the mercy of very thin Internet connections, low usage caps, frequent hardware unavailability, and so on.

In the general case at least, IDONS addressing data will be public. We can't (and shouldn't try) to stop *anyone* from caching whatever IDONS data they wish. If they are also willing to help make it publicly available, all the better. We should be using every possible resource to ensure the availability of that data.

This isn't a matter of "doing it ourselves" -- there is no "them vs. us" within the IDONS universe as far as I'm concerned -- though of course I'd very much like to see the existing DNS fade away completely over time.

As long as data is signed in ways that protect its integrity, it doesn't matter where it comes from -- a hobbyist node or a giant data center. The most important concept in this regard is that "locality" gets priority. That is, if the necessary data is available from the lowest stratum of the IDONS distributed architecture, that's great. But if that's not working, and a more centralized site with a cache of the data is available, not using that source of data is cutting off your nose to spite your face. The idea is multiple levels of data, multiple levels of redundancy.

If a centralized source suddenly vanished or didn't want to play ball anymore (or was ordered not to for that matter), it's not a big loss, because they would only normally be referenced in the case that the lower level systems weren't working anyway. So there's only upsides to this, so long as the system is designed so that centralized sources have only non-primary priority.

And again, centralized data sources in this role are *not* centralized *control*. For some reason you keep equating the two and that's simply wrong. Centralized control is ICANN and the entire registries/registrars ecosystem with whom you *must* deal if you want to get domain names under DNS. And such true centralized control (and the DNS roots that are part of it) are a major aspect of what IDONS seeks to avoid.

--Lauren--

bug1 · 12-27-2010, 03:05 PM

I think search engines could make IDONS more robust, but search engine lookup depend on IDONS being operational, if IDONS stops working then the search engine is only working as a caching system, the search engine might be a substitute some some IDONS functions, but not all (it has centralized control). Caching results should be fairly simple, something end users could do locally without a search engine.

I'm probably being pedantic, but i think "fallback" is the wrong term for a search engine, it would work at a different level, its between the user and IDONS.

Searching engines supplementing IDONS sounds better to me :)

Joe · 12-27-2010, 10:00 PM

(12-27-2010 09:06 AM)lauren Wrote: I deal with anti-Google paranoia all the time -- my inbox is "graced" with such ramblings on a daily basis. Believe me, I know it when I see it starting to creep into a conversation. For some reason, the people who get so concerned about Google usually fail to remember that the real choke point on the Net is their own ISPs.

I agree with your point regarding ISPs being the choke point. However, I challenge you to reread the thread. This isn't your inbox and you'll have a very hard time finding a single anti-Google post. Best I can tell, a good number of the folks posting here tend to like Google. The thing is that liking or hating Google is totally irrelevant to the IDONS conversation.

I am taking issue with IDONS depending on a search engine on 3 points:

1) It introduces a circular dependency
2) Basic security dictates that a system cannot depend on a less trusted system
3) There is only one authoritative source of IDONS server addresses: IDONS

None of these points have been adequately addressed.

You've brought up the point that some IDONS nodes will be owned by large corporations. But trusting a large company's IDONS servers to resolve that company's names is much different than trusting it to provide secure bootstrap information if my IDONS server loses connection with its peers.

You've said that IDONS address data will be public and that we shouldn't try to stop anyone from caching it. Again, that's not the point (and to be honest I didn't even see where anyone was even asserting that we should try to stop anyone from caching it). I did assert that search engines don't index DNS and that I don't expect them to index IDONS. I stand by that. Search engines will continue to index (and cache) web pages - irrespective of the namespace used by each.

You've said that the data is signed and that it doesn't matter where it comes from. As before, it's much different to trust a cached name than to trust cached bootstrap information.

(12-27-2010 09:06 AM)lauren Wrote: This isn't a matter of "doing it ourselves" -- there is no "them vs. us" within the IDONS universe as far as I'm concerned -- though of course I'd very much like to see the existing DNS fade away completely over time.

Gee, when you put it like that you make it sound like I'm talking about some kind of split in the IDONS universe. To be clear, by "doing it ourselves" I am referring to IDONS providing its own ability to stay connected to the IDONS network rather than having to rely on a search engine to provide addresses of IDONS nodes. This is logically sound based on my second and third points above.

(12-27-2010 09:06 AM)lauren Wrote: And again, centralized data sources in this role are *not* centralized *control*. For some reason you keep equating the two and that's simply wrong. Centralized control is ICANN and the entire registries/registrars ecosystem with whom you *must* deal if you want to get domain names under DNS. And such true centralized control (and the DNS roots that are part of it) are a major aspect of what IDONS seeks to avoid.

I'm not equating the two. I'm trying to convey the point that if an IDONS server trusts a search engine to locate another IDONS server, it is implicitly ceding control by trusting that it is getting good data back. The search engine could send back the address of a server in an alternate IDONS network containing censored data. By doing this to key servers, the entire (real) IDONS network could eventually be subverted.

- Joe

***lauren*** · 12-27-2010, 10:14 PM

Joe,

Again, IDONS data would be signed, so that its authenticity is not questioned. Secondly, and I hope I don't have to keep repeating this, entities like search engines would normally be referenced (in terms of IDONS addressing functions) only as a fallback or backup (choose your favorite term) when "native" addressing modalities are failing. But they are not "less trusted" -- because the data they store itself is trusted, so the source is not an issue. And it's the *data* that's authoritative -- individual data repositories are neither trusted nor untrusted.

--Lauren--

jfw · 12-29-2010, 03:16 AM

(12-26-2010 05:17 PM)eternaleye Wrote:
(12-26-2010 06:09 AM)jfw Wrote:
(12-26-2010 01:37 AM)eternaleye Wrote: In the future, the ideal situation is one in which DNS is no longer used and IDONS is the sole name resolution system.

What do you mean with "DNS no longer used"? Do you refer to the DNS hierachy of registered names or the DNS name resolution protocol?

So far I do not see why the protocol needs to be touched at all.
DNS as a protocol is incompatible with the goals of IDONS - it requires that there be central, trusted registries.

I don't follow. It's all that easy to just replace the root servers database at your site.

Though this leaves one within the "alternative root" type mindset.

(12-26-2010 05:17 PM)eternaleye Wrote: IDONS will have to be both an architecture (for managing names etc.) and a protocol (for resolving names). This makes it occupy the same problem- and solution-space as DNS while having more features, and it is thus natural for it to eventually displace it.

I would definately split these two topics apart. Design the protocol once the architecture is designed. Then it's going to be much easier to see whether or not the DNS protocol could do the job and save the work on a replacement or go through the burden and specify a new protocol.

jfw · 12-29-2010, 03:43 AM

(12-26-2010 07:59 PM)eternaleye Wrote:
(12-26-2010 06:18 AM)jfw Wrote:
(12-25-2010 12:22 AM)Joe Wrote: Also, the question of how much we can trust the search engine becomes an issue. I'd actually recommend that, rather than trying to be 100% reliable and inevitably failing, we simply say "roughly X% of the network would have to fail to lose an address" and leave it at that.

That's why I propose the idea to run registries at multiple independant sites without central control. See also this posting:
http://forums.gctip.org/thread-89-post-291.html#pid291

Example: with byzantine consent, your X% become slightly more that X=30.
A couple things. One, that's a quote of me, not Joe.

Sorry for that.

(12-26-2010 07:59 PM)eternaleye Wrote: Two, if we use a DHT as the basis we get roughly the same effect,

I don't think so. That is in my imagination there is a D(H)T too. At the level of mapping from "indefinately" long valid, self verifying, machine readable endpoint identifiers to current end point addresses.

And there's a mapping from end user names to those identifiers under (more or less) local control.

(12-26-2010 07:59 PM)eternaleye Wrote: I am of the firm opinion that all censorship is bad censorship.

No matter whether or not I agree with this point - If the registry of published names is unable to adhere to local law and order, it's going to be outlawed.

And technology might change the society every now and then. Yet I have not heart of any technology designed to do so and succeed.