Grand Ideas
How should stuff work? What's a better way? Write it here.
Name resolution for the Internet of the future
What are the requirements of a name resolution system?
- Any person must be able to issue his own records
- Each person must be able to update his previously issued records
- A client must know where to look for the record he wants
- Lookup results must be obtainable quickly
I (MikeLeonhard) propose a system whereby each record is cryptographically signed by the person creating it. The person can then later issue new records that supersede the old ones. A person's signature can be guaranteed by one or more people. The guarantees are included in the record and can be verified by any machine willing to look them up. Several levels of guarantees can be included so as to form a path of trust to an individual that is trusted by both the issuer and the client.
Imagine a government based path where the national registry guarantees each state by signing their public key. The state can then sign each county or city's public keys. A business in a city could then get his key signed by the city and then issue records including the path of guarantees reaching up to the national level. Thus a name lookup would find "Joe's Grocery" as a verified business in Chicago, Illinois, USA. The record would contain various fields which could list communications facilities provided by the business. For example, there could be fields for website, email, phone, fax, and physical address.
This system could coexist with the current DNS system by requiring each record to contain a namespace path field. Joe's Grocery's record might have joesgrocery.chi.il.us.
The advantage of using certificates is that a record that is obtained from any source may be verified and trusted. This allows the peer-to-peer networks to support name resolution.
Please add comments like this --MikeLeonhard
OK. This is a pretty simple idea that might work. However, you haven't mentioned how you would do peer-to-peer resolution. -- AdamChlipala
When doing a search on the P2P network, the client would get a long list of matching records. The client program should provide the listing of records to the user for selection. Each record would first be checked to make sure all of its guarantees are valid. Any records with forged guarantees will be discarded. The records could easily be filtered with a list of trusted top-level entities. This would allow a corporate machine to receive only records that are guaranteed by the company or are valid in the old DNS system.
For non-interactive programs, strict selection criteria would be in place. These would surely include the DNS system, and then go on to include the local ISP, and the network group of which the machine is a member (like a Domain or Cluster).
The P2P network would be stable. Links would be manually set up between ISPs. The P2P program would contain a system for automatically receiving and saving link requests for review by the administrator. The routing protocols could probably be employed to automate the P2P network links. Each ISP would provide access to the P2P network for only its customers.
What this adds up to is essentially a distributed search engine for names. When you sign up with an ISP, you can submit your identity record for them to host. This record is used to authenticate you with all of the ISP's services. After successfully billing you, the ISP adds a guarantee to your record. Most ISPs would host more than one record for you. You will be able to choose if you want the ISP to guarantee any record.
Each ISP would also host anonymous records for their customers. Perhaps there could be an automatic system to allow clients to push records into the P2P network by sending them to their ISP. Obviously the ISP would have to limit the number of records coming from each customer. Records of this type would expire with time and be discarded.
This kind of P2P network would be stable because of the manual link configuration. It would allow anonymous records to be published by its customers. Obviously this wouldn't be entirely anonymous because the ISP could easily record which customer submitted the record. Anyhow, this is a step up from our current DNS system.
The beauty of this system is that it allows you to filter on cryptographically secure characteristics of the records. This means that one could limit their search to US registered 501 non-profit organizations. Or you could choose to look up only records with telephone numbers in them. Any characteristic of the record can be filtered for. Any guarantee can be required.
I recently had an experience that could have been much better with a good name resolution system. I wanted to find the phone number for a local Chinese take-out restaurant, Emperor's Kitchen. I typed "Emperor's Kitchen IL" into Google and got a list of websites. The first one had the title "The Emperor's Kitchen" so I clicked on that. What I got was a page with a large pornographic advertisement at the top, and the desired website in a frame on the bottom. The page belonged to a click-thief company that puts up pages which pretend to belong to other companies. When you go there, you do see the desired page, but it is in a frame, and there is a large filthy advertisement above it.
This click-thievery could be avoided with a cryptographically secure name resolution system. I could have opened my search page and typed "Emperor's Kitchen" into the name field, and then selected the Geographic Location option, and entered USA, Illinois. This would require any returned record to be guaranteed indirectly by the Illinois state government. A user of an ISP in Illinois would match, and so would any record for a legal business in the state.
The returned record would have all of the Emperor's Kitchen contact information: website, street address, phone number, fax number, email address, etc. Thus I could get the phone number and just call them without needing to go to their website.
The P2P network would not be used for all lookups. Lookups for DNS addresses would follow the same methodology as current DNS lookups. The domain's name servers would be queried directly. Client programs could provide a "Direct guarantee" requirement which would allow the lookup to go directly to the guaranteeing machine. This would return only records that the specified entity had directly guaranteed. This kind of lookup would offer performance that is far superior to the P2P method. Also, the communications would be encrypted, protecting the privacy of the user.
If you're going to comment, please do so like this.--MikeLeonhard
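The signed-record and guarantee-chain check Mike describes above (issuer signs the record, each guarantor signs the key below it, forged guarantees are discarded, and the chain must end at a trusted top-level entity), as an added Go example that is not part of this wiki page. The Guarantee and Record types, the Verify function, the trusted-root set and the fixed-seed keys are assumptions of the example, not anything the page specifies.

```go
package main
import "bytes"
import "crypto/ed25519"
// Guarantee is one link in the path of trust: Guarantor signed the public key one level below it.
type Guarantee struct{ Guarantor ed25519.PublicKey; Sig []byte }
// Record is signed by Issuer; Guarantees[0] vouches for Issuer, Guarantees[i+1] for Guarantees[i].Guarantor.
type Record struct {
	Name       string
	Issuer     ed25519.PublicKey
	Sig        []byte
	Guarantees []Guarantee
}
// Verify rejects a forged issuer signature or guarantee, then requires the chain's top key to be a trusted top-level entity.
func Verify(r Record, trusted map[string]bool) bool {
	if !ed25519.Verify(r.Issuer, []byte(r.Name), r.Sig) {
		return false
	}
	top := r.Issuer
	for _, g := range r.Guarantees {
		if !ed25519.Verify(g.Guarantor, top, g.Sig) {
			return false // forged guarantee: discard the record
		}
		top = g.Guarantor
	}
	return trusted[string(top)]
}
// key derives a constructed, deterministic key pair from a one-byte seed label (demo only).
func key(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}
// Demo builds the USA -> Illinois -> Chicago -> Joe's Grocery chain; a forged Illinois guarantee fails, the genuine chain passes.
func Demo() (forged, genuine bool) {
	usaPub, usaPriv := key(1)
	ilPub, ilPriv := key(2)
	chiPub, chiPriv := key(3)
	joePub, joePriv := key(4)
	_, impostorPriv := key(5)
	rec := Record{Name: "joesgrocery.chi.il.us", Issuer: joePub}
	rec.Sig = ed25519.Sign(joePriv, []byte(rec.Name))
	rec.Guarantees = []Guarantee{
		{chiPub, ed25519.Sign(chiPriv, joePub)},
		{ilPub, ed25519.Sign(impostorPriv, chiPub)}, // claims to be Illinois but impostor-signed
		{usaPub, ed25519.Sign(usaPriv, ilPub)},
	}
	forged = Verify(rec, map[string]bool{string(usaPub): true}) // client trusts only the national registry
	rec.Guarantees[1].Sig = ed25519.Sign(ilPriv, chiPub) // swap in the real Illinois guarantee
	genuine = Verify(rec, map[string]bool{string(usaPub): true})
	return
}
```

A corporate client would populate the trusted set with the company's own key instead of the national registry's, which is exactly the filtering described above.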
Name resolution in an untrustworthy environment: You're a node in a peer-to-peer network. Anybody in the network can try to give themselves a name, but properly only one node should be able to use a given name. Some nodes are assigned special jobs if they have enough resources, i.e., name resolving nodes that are capable of name resolving a considerable portion of the network. They form themselves into a secondary network of systems. In addition to that, every node has a small cache of names so as to minimize the number of nodes a resolution request has to jump. How do you ensure that you don't get poisoned name resolution (i.e., www.cia.gov ---> www.goatse.cx) while minimizing network resource usage? Ideally, it's possible for anybody to grab a name without paying any official organization and expect to keep on using it safely, allowing for occasional downtime and perhaps IP relocation.
Uniqueness requires an overseeing authority. If you have an authority that keeps its records unique, then you can search for records that are guaranteed by that authority. Thus you have uniqueness of names. Individual names can be created with this system. The trouble is that unguaranteed names will likely be ignored or put at the bottom of the listing.--MikeLeonhard
