If Brexit happens, every Brit with a .eu domain will probably lose it [German article, via @sl007] heise.de/newsticker/meldung/Br

Oh hi yes hello, have we talked yet about why DNS is bad and we shouldn't be relying on it for our decentralized networks?

BTW, here is another way to put it, since I think many people here haven't thought about how problematic DNS / SSL CAs are:

1) With DNS, you DO NOT own/control your domain; you lease/rent it. And your landlord can take it away at any time (and this does happen).

(cont'd ...)


2) The reason DNS/SSL are so hard is *because* of the coordination with central authorities.
3) If your address was your key fingerprint, no need for a CA; you already know how to make a secure connection (why .onion does not need https)
4) SSL CAs are as weak as the *weakest* CA in your CA list. It only takes one badly acting CA for you to be man in the middled.
5) DNS and SSL CAs centralize the otherwise decentralized fediverse.

Down with DNS, down with SSL CA cartels.

@cwebber I have some ideas for superseding keys in the case of revocation, upgrade, etc.

@cwebber I don't understand much about the details of DNS and security certificates, but I do know that I don't like the process of obtaining them.

Currently, I try to avoid renting domains, but sometimes I need to and use Let's Encrypt certificates.

So yeah! Off with their heads! 👨‍🌾

I wonder if handshake.org/ will help on this...

@sirgazil @cwebber I know it sounds like silly self-promotion coming from a developer of this project, but one part of gnunet is really just having that solved (DNS) and having a replacement. It's just that we need to explain all of this better in layman's terms and put 0.11.0 out there.
Even I myself didn't have full time to read up on the recent changes in GNS and what it practically means for DNS->GNS imports and usage.
@sirgazil @cwebber Handshake, from the looks of its website, gives away the impression of something to look into, but every mention of coins makes me suspicious.

@ng0 @sirgazil I've read up on GNS, but think GNS may be doing petnames wrong in one fundamental way. I guess I should write that up?

@cwebber @sirgazil
Which part did you read? Because I remember being told that IPFS exists because they didn't find the correct GNS documentation or something along those lines.

The fundamental thing about GNS and gnunet in general is that most people pick up old, outdated, or wrong documentation. We're (well: I) seriously lagging behind in updating the content. Takes a while to read the code, the papers, the existing docs and update.
I think the most up to date is on docs.gnunet.org, not so well advertised :/

What's fundamentally wrong? I mean, if you have criticism on it or questions, I think the main implementors are happy to receive it on the mailing list.

@cwebber @ng0 I would be very interested to read your critique on GNS. If you don't want to do a whole write-up, you could just send a mail to lists.gnu.org/mailman/listinfo

@ng0 I don't mind self-promotion :)

Actually, I've been wanting to try gnunet for a long time, but haven't had the time to do so.


About the SSL I agree the whole process is too much when all you want is to encrypt your traffic.

But the idea of having CAs that are authenticating the website as belonging to the right company/individual is difficult without centralisation and trusting that/those central authorities.

Sure we could build a web of trust but that will still be centralized in the end.

Exactly! This is why we need a decentralized type of DNS that *we* can control. But how? I recall reading that you couldn't have it all: meaningful, decentralized, and some other thing... :blobconfused: I forgot the rest.

Where to put such a directory? Will a DHT be enough?

Maybe fully distributed is too hard of a goal and we should just aim for decentralized, with supernodes and all that?

Then it looks like a chicken and egg problem... :blob_dizzy_face:
