
[Freedombox-discuss] DHTs and Names



Sam,

There are definitely problems with using a global DHT for name
resolution - that doesn't mean they're insurmountable problems.

I think the first thing we may have to do is step back, and realize
that in fact, the names need to be global in scope, but they don't
need to be globally *unique*. Think of it as building a phonebook for
freedomboxes. Some people really *do* have the same name. What we need
is collision handling, not guaranteed uniqueness, in my opinion.

So, you look up somebody's name in the FreedomTable (at this point,
I'm just having fun with it). There are 45 Eben Moglens. There are
many possible solutions at this point, so let's take a look at what
we're really trying to accomplish. We need to turn the *right* Eben
Moglen into a routable IP address. The likelihood is that Eben (or
whoever) is assigned an address dynamically by their ISP, and the box
is hidden behind NAT, to boot.

So, instead of a simple (unique) name -> address pairing, you've got
to have something more like name -> catchphrase -> public key ->
(current) v4 + v6 addresses. When a box moves from subnet to subnet,
it updates the final entry in that chain. I'm not quite sure of the
details on a multi-stage hash like that, but I see no reason why it
wouldn't work. Then, once you've got the identity worked out, you
store the public key of the *right* Eben Moglen locally, along with
their address.

You use that address until it doesn't work any more, and then you do a
new lookup based just on the key.

It does seem that we would want to have some sort of access control -
that is, changing or making an entry for a given public key should
probably require one to be holding the associated private key.

It obviously requires the bootstrapping of some infrastructure - the
table probably should not be held by the entire fbx network. From the
standpoint of the FNF, this would be a sensible role for
FreedomTowers, but the nomenclature is unimportant. The point here is
that the name table should be hosted by a collection of trusted nodes.

Have I missed something, or does this seem doable to folks?



take care,
Isaac Wilder
The Free Network Foundation
www.thefnf.org



I've copied Brandon Wiley of the Foundation for Decentralization
Research on this, in the hopes that he may be able to demystify some
of the finer points of DHT usage. I've never spoken with Brandon, but
he's put out some really good material on DHTs.

On 08/19/2011 05:34 AM, Sam Hartman wrote:
>
> Hi. I'd like to understand how these human readable names that
> we're going to insert into a DHT are going to work from a security
> standpoint.
>
> What stops me from taking your name? What stops me from taking
> names similar to yours?
>
> I'm skeptical of the advisability of globally scoped
> non-hierarchically registered human readable names and would like
> to understand the service model and goals for this proposal.
>
