Okay, so the people who are working on various aspects of the problem of decentralized replacement for DNS can keep working, and the people who think that decentralized replacement for DNS is not possible or not worthwhile can keep thinking that. If there's something by way of decentralized DNS replacement good enough early enough to be included in the first release of freedom box, great, if not, fine. If not, then whenever (if ever) a decentralized DNS replacement emerges, it can be integrated into freedom box. In the meanwhile, we can implement a decentralized non-memorizeable system of addressing based on public keys, and use that optionally in parallel with regular DNS. I really think that non-memorizeable addresses are fine for most purposes, though clearly less than ideal. Since the address itself doesn't make representations about the person behind it, those claims are made in the actual body of the publicly accessible page. And these unwieldy names can be unauthenticated initially, until they are authenticated by a web of trust or ZRTP-style voice authentication. You can still send someone such an address electronically no problem. Also, you can find it by search. Imagine that you're looking for someone named John Doe. You type John Doe into the person search bar of the interface you use to interact with your freedom box. It contacts a web search engine and does a search for John Doe and the appropriate markup. It displays the results, you pick out the one claiming to be the John Doe you're looking for, and you contact him. Authentication can take place at a later time. And a human meaningful name can be assigned (by the person or by you) which your local agent can map to the unwieldy address (the petname approach). Realistically, we already rely on this all the time; a cellphone for example gives you a menu to choose between people whose actual routing addresses (phone numbers) it has remembered for you. Optionally, John Doe might also have a plain old domain name, which he can give you on a slip of paper at a party, which points to the same place as the non-memorizeable address. Again, since you don't trust the DNS provider as far as you can throw it, you'll authenticate in some way outside of the addressing. If we are going to place reliance on DNS, we would do well to make some arrangements for some DNS providers that are friendly to our needs (as people have been talking about what those are). I see these as being at least a subset of the desirable attributes for a "freedom-friendly" DNS provider: 1. Is incorporated and physically served out of a jurisdiction with relatively friendly laws. 2. Is committed to continue operating long haul. 3. Keeps no logs at all for longer than say, a week. 4. Will respond to any request for either information or denial of service which is not legally compulsory by saying shove off and informing the customer. 5. Will respond to any request for either information or denial of service which is legally compulsory by waiting the longest legal amount of time before complying and immediately informing the customer, unless not able to legally inform the customer. 6. If not able to legally inform the customer, will fight in legal channels for the freedom to inform the customer. 7. All of this is spelled out in a legally binding service agreement. But additionally, in order for people to have their own domains, it needs to cost way less in terms of both money and, more importantly, hassle than it currently does. Whatever arrangements we make for freedom box friendly DNS service should involve costing almost no to no money ($15 per year or whatever isn't a lot, but it is a lot compared to the unfree services which people are currently using completely free of charge). Maybe the cost of the first 10 years of DNS service from one of a whole list of participating service providers should be rolled up into the price of the device? Just a thought. Appropriate arrangements should also involve extremely low hassle domain registration. Something like, you choose a provider from a pull down menu, or type in one that you know about, type in your desired second (or lower) level domain, and hit enter, and it automatically contacts the provider, registers the domain, and points it to your box. Do people think that could be possible? Perhaps using lower level domains, as some have suggested? But more important, I think, than trying to find a good provider is to make it as easy as possible for people to switch from misbehaving providers. One feature that would help tremendously (especially if we're going to create a system of almost or completely free of charge, easy to register subdomains), one feature which a few people have already proposed, is a machine language for your box, using the proper cryptographic credentials, to inform your friends that you, who used to be found at foo.example.com, will now be found at foo.bar.net. In other words, your real identity as far as your friends are concerned is your key. Your domain name is just a way for your friends to find you in the network. If your domain name has changed, why should you need to tell your actual human friends about this. Just tell their boxes and let them take care of it. I wish I already had this feature for email. If I have an email address boaz@example.com, and example.com does something to upset me, and I hate example.com, and I never want to have any further dealings with those bastards at example.com, there's nothing I can do. I've already told three hundred people who I want to be able to contact me for all time, that my address is boaz@example.com. I'll have to keep monitoring boaz@example.com forever. Unless I want to do one of these terrible mass mailings that everyone hates (I've received several of these, and it's a sorry sight). _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE