If Brexit happens, every Brit with a .eu domain will probably lose it [German article, via @sl007] heise.de/newsticker/meldung/Br

Oh hi yes hello, have we talked yet about why DNS is bad and we shouldn't be relying on it for our decentralized networks?

BTW, here is another way to put it, since I think many people here haven't thought about how problematic DNS / SSL CAs are:

1) With DNS, you DO NOT own/control your domain; you lease/rent it. And your landlord can take it away at any time (and this does happen).

(cont'd ...)

2) The reason DNS/SSL are so hard is *because* of the coordination with central authorities.
3) If your address was your key fingerprint, no need for a CA; you already know how to make a secure connection (why .onion does not need https)
4) SSL CAs are as weak as the *weakest* CA in your CA list. It only takes one badly acting CA for you to be man in the middled.
5) DNS and SSL CAs centralize the otherwise decentralized fediverse.

Down with DNS, down with SSL CA cartels.

@cwebber @sl007 Woah - I hadn't even considered this. I don't have any .eu domains myself but this will be pretty huge for others in Britain that do.

@cwebber DNS is fine actually, it's the root zone which is the issue

@tomas but the root zone is key to dns's selection of human meaningful and globally unique/secure! en.wikipedia.org/wiki/Zooko%27

@tomas which is to say, we can get rid of the root zone and have a good naming system, but then it won't be human meaningful on its own (time for petnames!)

@cwebber I'm more getting at the politics of the thing.
Petnames sounds a bit like TOFU but for domain names? And also a bit like RES tagging users on Reddit..

@cwebber Is Ben Shapiro's name supposed to be in there? Either way, this idea has potential! So far I've been dealing with the .onion domain problem by bookmarking, but that approach is obviously limited to the Web. In a world of single-user self-hosted things it would be useful to only have to provide a petname for foobar.onion once and have it appear the same in my XMPP client, email client, Web client and so on.
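
Point 3 and the petname replies above, as an added example that is not part of the thread: a v3 .onion address is the service's ed25519 public key plus a checksum and version byte, so a client can check a presented key against the address without a CA, and a local petname table supplies the human-meaningful name. The `Petnames` class and the sample key are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac

VERSION = b"\x03"

def _checksum(pubkey: bytes, version: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]

def onion_from_pubkey(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 .onion address."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    raw = pubkey + _checksum(pubkey, VERSION) + VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def pubkey_from_onion(address: str) -> bytes:
    """Recover the key from an address; reject malformed or mistyped ones."""
    label = address.lower()
    label = label[:-6] if label.endswith(".onion") else label
    if len(label) != 56:
        raise ValueError("not a v3 onion address")
    raw = base64.b32decode(label, casefold=True)  # bad chars raise ValueError
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION or checksum != _checksum(pubkey, version):
        raise ValueError("bad version or checksum")
    return pubkey

class Petnames:
    """Hypothetical local table: the user's own names for addresses."""
    def __init__(self):
        self._by_name = {}

    def bind(self, name: str, address: str) -> None:
        address = address.lower()
        pubkey_from_onion(address)  # refuse to store an invalid address
        if self._by_name.get(name, address) != address:
            raise ValueError("petname already bound to another address")
        self._by_name[name] = address

    def peer_matches(self, name: str, presented_key: bytes) -> bool:
        # Compares key bytes only; proving possession of the private key
        # (a signature in the handshake) is the transport's job.
        expected = pubkey_from_onion(self._by_name[name])
        return hmac.compare_digest(expected, presented_key)

# Constructed 32-byte stand-in for a public key (not a real service).
SAMPLE_KEY = hashlib.sha256(b"constructed sample key").digest()
```

Because the petname maps to an address that already contains the key, the same binding can be reused by any client (XMPP, email, Web) without a registry lookup.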

@cwebber @sl007 .eu is still pretty obscure, just wait until the break up of the UK and .uk disappears!

@stardot Precisely. It's a pity .scot domains are 10x the price of .uk ones otherwise I'd have future proofed myself already.

@cwebber @sl007

@edavies @cwebber @sl007 my entire digital life is linked to my .uk email address. I really should start thinking about changing that before I have to..

@stardot @edavies @sl007 ack... though .uk is not under threat right now, .eu is for uk citizens :)

@cwebber @edavies @sl007 it'll be next up, depends how quickly #indyref2 picks up steam after Brexit, whether peace in Ireland holds. It was on the cards even before Brexit, I wouldn't give it more than evens at lasting another decade right now.

@cwebber @sl007 If only we had a robust, reusable DHT infrastructure & libraries. Tor seems to be the only thing going at the moment; Telehash looks abandoned, and services like Twister are using their own modified versions of the Bitcoin codebase that probably won't scale or stand up to any kind of attack.

@cwebber I have some ideas for superseding keys in the case of revocation, upgrade, etc.

@cwebber

About the SSL I agree the whole process is too much when all you want is to encrypt your traffic.

But the idea of having CAs that are authenticating the website as belonging to the right company/individual is difficult without centralisation and trusting that/those central authorities.

Sure we could build a web of trust but that will still be centralized in the end.

@cwebber
Exactly! This is why we need a decentralized type of DNS that *we* can control. But how? I recall reading that you couldn't have it all: meaningful, decentralized, and some other thing... :blobconfused: I forgot the rest.

Where to put such a directory? Will a DHT be enough?

Maybe fully distributed is too hard of a goal and we should just aim for decentralized, with supernodes and all that?

Then it looks like a chicken and egg problem... :blob_dizzy_face:

@cwebber Viewing DNS as a rent-seeking mechanism hadn't occurred to me before, but now that you mention it, it becomes obvious. I've mostly thought of it as an administrative fee, but everyone up the chain turns a profit and is free to do with everyone below them as they please..