Follow

If Brexit happens, every brit with a .eu domain will probably lose it [german article, via @sl007] heise.de/newsticker/meldung/Br

Oh hi yes hello, have we talked yet about why DNS is bad and we shouldn't be relying on it for our decentralized networks?

BTW, here is another way to put it, since I think many people here haven't thought about how problematic DNS / SSL CAs are:

1) With DNS, you DO NOT own/control your domain; you lease/rent it. And your landlord can take it away at any time (and this does happen).

(cotd ...)

2) The reason DNS/SSL are so hard is *because* of the coordination with central authorities.
3) If your address was your key fingerprint, no need for a CA; you already know how to make a secure connection (why .onion does not need https)
4) SSL CAs are as weak as the *weakest* CA in your CA list. It only takes one badly acting CA for you to be man in the middled.
5) DNS and SSL CAs centralize the otherwise decentralized fediverse.

Down with DNS, down with SSL CA cartels.

@cwebber @sl007 Woah - I hadn't even considered this. I don't have any .eu domains myself but this will be pretty huge for others in Britain that do.

@cwebber DNS is fine actually, it's the root zone which is the issue

@tomas but the root zone is key to dns's selection of human meaningful and globally unique/secure! en.wikipedia.org/wiki/Zooko%27

@tomas which is to say, we can get rid of the root zone and have a good naming system, but then it won't be human meaningful on its own (time for petnames!)

@cwebber I'm more getting at the politics of the thing.
Petnames sounds a bit like TOFU but for domain names? And also a bit like RES tagging users on Reddit..
@cwebber Is Ben Shapiro's name supposed to be in there? Either way, this idea has potential! So far I've been dealing with the .onion domain problem by bookmarking, but that approach is obviously limited to the Web. In a world of single-user self-hosted things it would be useful to only have to provide a petname for foobar.onion once and have it appear the same in my XMPP client, email client, Web client and so on.

@cwebber @sl007 .eu is still pretty obscure, just wait until the break up of the UK and .uk disappears!

@stardot Precisely. It's a pity .scot domains are 10x the price of .uk ones otherwise I'd have future proofed myself already.

@cwebber @sl007

@edavies @cwebber @sl007 my entire digital life is linked to my .uk email address. I really should start thinking about changing that before I have to..

@stardot @edavies @sl007 ack... though .uk is not under threat right now, .eu is for uk citizens :)

@cwebber @edavies @sl007 it'll be next up, depends how quickly #indyref2 picks up steam after Brexit, whether peace in Ireland holds. It was on the cards even before Brexit, I wouldn't give it more than evens at lasting another decade right now.

@cwebber @sl007 If only we had a robust, reusable DHT infrastructure & libraries. Tor seems to be the only thing going at the moment; Telehash looks abandoned, and services like Twister are using their own modified versions of the Bitcoin codebase that probably won't scale or stand up to any kind of attack.

@cwebber I have some ideas for superseding keys in the case of revocation, upgrade, etc.

@cwebber I don't understand much about the details of DNS and security certificates, but I do know that I don't like the process of obtaining them.

Currently, I try to avoid renting domains, but sometimes I need to and use Let's Encrypt certificates.

So yeah! Off with their heads! 👨‍🌾

I wonder if handshake.org/ will help on this...

@sirgazil @cwebber I know it sounds like silly self-promotion coming from a developer of this project, but one part of gnunet is really just having that solved (DNS) and having a replacement. It's just that we need to explain all of this better in layman's terms and put 0.11.0 out there.
Even I myself didn't have full time to read up on the recent changes in GNS and what it practically means for DNS->GNS imports and usage.
@sirgazil @cwebber Handshake, from the looks of its website, gives away the impression of something to look into, but every mention of coins makes me suspicious.

@ng0 @sirgazil I've read up on GNS, but think GNS may be doing petnames wrong in one fundamental way. I guess I should write that up?

@cwebber @sirgazil
Which part did you read? Because I remember being told that IPFS exists because they didn't find the correct GNS documentation or something along those lines.

the fundamental thing about GNS and gnunet in general is that most people pick up old, oudated, or wrong documentation. We're (well: I) seriously lagging behind in updating the content. Takes a while to read the code, the papers, the existing docs and update.
I think the most up to date is on docs.gnunet.org, not so well advertised :/

What's fundamental wrong? I mean, if you have criticism on it or questions, I think the main implementors are happy to receive it on the mailinglist.

@cwebber @ng0 I would be very interested to read your critique on GNS. If you don't want to do a whole write-up, you could just send a mail to lists.gnu.org/mailman/listinfo

@ng0 I don't mind self-promotion :)

Actually, I've been wanting to try gnunet for a long time, but haven't had the time to do so.

@cwebber

About the SSL I agree the whole process is too much when all you want is to encrypt your traffic.

But the idea of having CA that are authenticating the website as belonging to the right company /individual is difficult without centralisation and trusting that/those central authorities.

Sure we could build a web of trust but that will still be centralized in the end.

@cwebber
Exactly! This is why we need a decentralized type of DNS that *we* can control. But how? I recall reading that you couldn't have it all: meaningful, decentralized, and some other thing... :blobconfused: I forgot the rest.

Where to put such a directory? Will a DHT be enough?

Maybe fully distributed is too hard of a goal and we should just sim for decentralized, with supernodes and all that?

Then it looks like a chicken and egg problem... :blob_dizzy_face:

@cwebber Viewing DNS as a rent-seeking mechanism hadn't occurred to me before, but now that you mention it it becomes obvious. I've mostly thought of it as an administrative fee, but everyone up the chain turns a profit and are free to with everyone below them as they please..
Sign in to participate in the conversation
Octodon

Octodon is a nice general purpose instance. more