author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-08-07 17:33:38 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-08-07 17:33:38 +0200 |
commit | 7e54cdeb9cdd673b474d20493b204bc0d9b395bf (patch) | |
tree | 0b85c2237dabc595f4180c08e5d54693d295eacf | |
parent | 03ea8b77cff37fa668fb9fa9d7bcc23bdec8d7c6 (diff) | |
tone down governance
-rw-r--r-- | draft-schanzen-gns.xml | 96 |
1 files changed, 57 insertions, 39 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 35cbd49..94942c2 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -89,10 +89,9 @@ | |||
89 | <t> | 89 | <t> |
90 | This document contains the GNU Name System (GNS) technical | 90 | This document contains the GNU Name System (GNS) technical |
91 | specification. | 91 | specification. |
92 | GNS is a decentralized and censorship-resistant name | 92 | GNS is a decentralized and censorship-resistant domain name |
93 | system that provides a privacy-enhancing alternative to the Domain | 93 | resolution protocol that provides a privacy-enhancing alternative to the |
94 | Name System (DNS). | 94 | Domain Name System (DNS) protocols. |
95 | <!-- GNS is more. it is also extensible and more flexible --> | ||
96 | </t> | 95 | </t> |
97 | <t> | 96 | <t> |
98 | This document defines the normative wire format of resource records, | 97 | This document defines the normative wire format of resource records, |
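Review bot: In new lines 92-94, calling GNS a "domain name resolution protocol" is narrower than the next paragraph (new line 97), which says the document defines the normative wire format of resource records as well as resolution; consider wording that covers both, or adjust the following paragraph to match. The term for DNS is also inconsistent across this patch: "Domain Name System (DNS) protocols" here, "the DNS protocol" at new lines 131-132, and "the DNS name resolution protocol" at new lines 2746-2747. Pick one form. The removed comment at old line 95 ("GNS is more. it is also extensible and more flexible") was an open note that the new text does not address; if it is dropped deliberately, say so in the commit message.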
@@ -114,57 +113,36 @@ | |||
114 | <t> | 113 | <t> |
115 | The Domain Name System (DNS) <xref target="RFC1035" /> is a unique | 114 | The Domain Name System (DNS) <xref target="RFC1035" /> is a unique |
116 | distributed database and a vital service for most Internet applications. | 115 | distributed database and a vital service for most Internet applications. |
117 | While DNS is distributed, in practice it | 116 | However, it was not designed with security in mind. This makes it very |
118 | relies on centralized, trusted registrars to provide globally unique | ||
119 | names. As the awareness of the central role DNS plays on the Internet | ||
120 | rises, various institutions are using their power (including legal means) | ||
121 | to engage in attacks on the DNS, thus threatening the global availability | ||
122 | and integrity of information on the Internet. | ||
123 | </t> | ||
124 | <t> | ||
125 | DNS was not designed with security in mind. This makes it very | ||
126 | vulnerable, especially to attackers that have the technical capabilities | 117 | vulnerable, especially to attackers that have the technical capabilities |
127 | of an entire nation state at their disposal. | 118 | of an entire nation state at their disposal. |
128 | While a wider discussion of this issue is out of scope for this document, | ||
129 | analyses and investigations can be found in recent academic research | ||
130 | works including <xref target="SecureNS"/>. | ||
131 | </t> | 119 | </t> |
132 | <t> | 120 | <t> |
133 | This specification describes a censorship-resistant, privacy-preserving | 121 | This specification describes a censorship-resistant, privacy-preserving |
134 | and decentralized name system: The GNU Name System (GNS) <xref target="GNS" />. | 122 | and decentralized domain name resolution protocol: |
135 | It is designed to provide a secure, privacy-enhancing alternative to | 123 | The GNU Name System (GNS), a development continuation of |
136 | DNS, especially when censorship or manipulation is encountered. | 124 | previous academic work on secure name systems <xref target="GNS" />. |
137 | In particular, it directly addresses concerns in DNS with respect to "Query | ||
138 | Privacy", the "Single Hierarchy with a Centrally Controlled Root" and | ||
139 | "Distribution and Management of Root Servers" as raised in | ||
140 | <xref target="RFC8324"/>. | ||
141 | GNS can bind names to any kind of | 125 | GNS can bind names to any kind of |
142 | cryptographically secured token, enabling it to double in some respects as | 126 | cryptographically secured token, enabling it to double in some respects as |
143 | an alternative to some of today’s Public Key Infrastructures, in | 127 | an alternative to some of today’s Public Key Infrastructures, in |
144 | particular X.509 for the Web. | 128 | particular X.509 for the Web. |
145 | </t> | 129 | </t> |
146 | <t> | 130 | <t> |
147 | The design of GNS incorporates the capability to integrate and | 131 | The design of GNS incorporates the capability to interoperate with the |
148 | coexist with DNS. | 132 | DNS protocol. |
149 | GNS is based on the principle of a petname system where users can assign | 133 | It is based on the principle of a petname system where users can assign |
150 | names to zones. | 134 | names to zones. |
151 | It builds on ideas from the Simple Distributed Security | 135 | It builds on ideas from the Simple Distributed Security |
152 | Infrastructure <xref target="SDSI" />, addressing a central issue with the decentralized | 136 | Infrastructure <xref target="SDSI" />, enabling the decentralized |
153 | mapping of secure identifiers to memorable names: namely the impossibility | 137 | mapping of secure identifiers to memorable names. |
154 | of providing a global, secure and memorable mapping without a trusted | ||
155 | authority. GNS uses the transitivity in the SDSI design to replace the | ||
156 | trusted root with secure delegation of authority thus making petnames | ||
157 | useful to other users while operating under a very strong adversary model. | ||
158 | </t> | 138 | </t> |
159 | <t> | 139 | <t> |
160 | This is an important distinguishing factor from the Domain Name System | ||
161 | where root zone governance is centralized at the Internet Corporation | ||
162 | for Assigned Names and Numbers (ICANN). | ||
163 | In DNS terminology, GNS roughly follows the idea of a local | 140 | In DNS terminology, GNS roughly follows the idea of a local |
164 | root zone deployment (see <xref target="RFC8806"/>), with the difference that it is not | 141 | root zone deployment (see <xref target="RFC8806"/>), with the difference |
165 | expected that all deployments use the same root zone, | 142 | that the protocol defined here does not mandate that all deployments use |
166 | and that users can easily delegate control of arbitrary domain names to | 143 | the same root zone. |
167 | arbitrary zones. | 144 | Users can easily delegate control of arbitrary domain names to |
145 | arbitrary zones through their local configurations. | ||
168 | </t> | 146 | </t> |
169 | <t> | 147 | <t> |
170 | This document defines the normative wire format of resource records, resolution processes, | 148 | This document defines the normative wire format of resource records, resolution processes, |
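Review bot: At new lines 116-118 the claim that DNS is "very vulnerable, especially to attackers that have the technical capabilities of an entire nation state" is now left without a supporting reference in the introduction, because the SecureNS xref (old lines 128-130) and the RFC8324 xref (old lines 137-140) were moved out. Either keep a citation next to the claim or add an xref to the new sec_governance section so a reader of the introduction can find the supporting material. In new lines 123-124, "a development continuation of previous academic work" is awkward; something like "which continues previous academic work on secure name systems" reads more clearly. New lines 144-145 introduce "local configurations" without saying what is configured; a pointer to the start zone concept used in the new governance section would tie the two together.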
@@ -2751,6 +2729,46 @@ NICK: john (Supplemental) | |||
2751 | zone keys do become public during revocation. | 2729 | zone keys do become public during revocation. |
2752 | </t> | 2730 | </t> |
2753 | </section> | 2731 | </section> |
2732 | <section anchor="sec_governance"> | ||
2733 | <name>Zone Governance</name> | ||
2734 | <t> | ||
2735 | While DNS is distributed, in practice it | ||
2736 | relies on centralized, trusted registrars to provide globally unique | ||
2737 | names. As the awareness of the central role DNS plays on the Internet | ||
2738 | rises, various institutions are using their power (including legal means) | ||
2739 | to engage in attacks on the DNS, thus threatening the global availability | ||
2740 | and integrity of information on the Internet. | ||
2741 | While a wider discussion of this issue is out of scope for this document, | ||
2742 | analyses and investigations can be found in recent academic research | ||
2743 | works including <xref target="SecureNS"/>. | ||
2744 | </t> | ||
2745 | <t> | ||
2746 | GNS is designed to provide a secure, privacy-enhancing alternative to the | ||
2747 | DNS name resolution protocol, especially when censorship or manipulation | ||
2748 | is encountered. | ||
2749 | In particular, it directly addresses concerns in DNS with respect to | ||
2750 | query privacy. | ||
2751 | However, depending on the governance of the root zone, any deployment | ||
2752 | will likely suffer from the issues of a | ||
2753 | "Single Hierarchy with a Centrally Controlled Root" and | ||
2754 | "Distribution and Management of Root Servers" as raised in | ||
2755 | <xref target="RFC8324"/>. | ||
2756 | In the Domain Name System root zone governance is centralized at the | ||
2757 | Internet Corporation for Assigned Names and Numbers (ICANN). | ||
2758 | GNS can be used to leverage the transitivity in the SDSI design to | ||
2759 | replace the trusted root with secure delegation of authority thus | ||
2760 | making petnames useful to other users while operating under a very | ||
2761 | strong adversary model. | ||
2762 | By building on the ideas from SDSI, GNS allows to address a central | ||
2763 | issue with the decentralized mapping of secure identifiers to memorable | ||
2764 | names: namely the impossiblity of providing a global, secure and | ||
2765 | memorable mapping without a trusted authority. | ||
2766 | </t> | ||
2767 | <t> | ||
2768 | Any GNS implementation <bcp14>MAY</bcp14> provide a default | ||
2769 | governance model in the form of an initial start zone mapping. | ||
2770 | </t> | ||
2771 | </section> | ||
2754 | <section anchor="namespace_ambiguity"> | 2772 | <section anchor="namespace_ambiguity"> |
2755 | <name>Namespace Ambiguity</name> | 2773 | <name>Namespace Ambiguity</name> |
2756 | <t> | 2774 | <t> |
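Review bot: In new lines 2751-2752, "depending on the governance of the root zone, any deployment will likely suffer from the issues" reads as if every deployment inherits the RFC8324 problems regardless of how its root is governed, which contradicts both the conditional it opens with and the following sentences about replacing the trusted root with delegation; suggest "a deployment may suffer from" so the statement is actually conditional. New line 2764 has a typo, "impossiblity" (the removed text at old lines 153-154 had "impossibility"), and "GNS allows to address" at new line 2762 needs an object, for example "GNS allows users to address" or "GNS addresses". The MAY paragraph at new lines 2768-2769 permits a default start zone mapping but does not say whether a user can inspect or override it; since the introduction (new lines 144-145) says users delegate through their local configurations, state here that the default can be changed by the user, otherwise an implementation-supplied default becomes the centrally controlled root this section warns about.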