DNS and the
Future of Authenticity
Indolering • 2015
The Importance of DNS
Title Text
Subtitle
DNSSEC: DNS as PKI
- Significant security benefits for traditional domains:
- Prevents range of MITM attacks.
- Application level encryption (HTTPS, SSH, GPG, ...).
- Network level encryption (TCPCrypt).
- DANE/TLSA >= CA Certs
- Key pinning and triangulation (e.g. TACK, Convergence, WoT) can be applied to DNSSEC.
-
Vital to decentralized DNS:
- Universal interface for communicating cryptographic information.
Namecoin: Past & Present
- Released in 2011, development stalled 2012-2014.
- 2014:
- Transition development team.
- Overhaul infrastructure.
- Lost lead dev to brain stroke.
- Libcoin "rebase" attempt.
- 2014 - 2015:
- Reimplemented on mainline Bitcoin.
- Maintaining parity.
- Migrating to Armory for domain management.
- Standards, etc.
Namecoin: Future
- Dynamic Domain Pricing
- Secure against censorship attacks without relying on external information.
- Improve flexibility when reliable external information is available.
- Lightweight Name Resolvers
- Block headers and coinbase commitments.
- <100 MB of local storage, ~256K daily download.
- Trustless, no need to check multiple peers.
- 51% attacker trick a lightweight resolver into accepting an old (but previously valid) DNS record for a couple hours every few weeks.
Namecoin: Future
- Sidechain?
- Improves security of Namecoin.
- Improves anonymity.
- ZeroCash?
- Improves anonymity.
- We could replace it in the future.
DPoS, BitShares, & .p2p
-
Different security and censorship parameters.
- Remove bad actors.
- Delegates introduce liability concerns.
- .P2P Basically Dead
- Diverted funding to core development.
- Possible avenue for commercialization.
Conclusion
- DNSSEC is coming!
- Makes everything more secure.
- DANE will lead to the collapse of CA's.
- Money will pour into DNS managed services.
- Namecoin's architecture is ideally suited for DNS.
- Hard part isn't creating a key value datastore.
- Sharing codebase & miners with Bitcoin improves security and censorship resistance.
- Needs funding, volunteers, and support from academia.
∴ Always bet on DNS!
DNS and the Future of Authenticy
By Zach Lym
DNS and the Future of Authenticy
- 825