
RE: Decentralising the DNS

2009-06-15 20:14:01
From: Bill Manning, Friday, June 12, 2009 10:32 AM 
On Fri, Jun 12, 2009 at 03:55:05PM +0100, Sabahattin Gucukoglu wrote:
Silly question, I'm sure - any chance of putting the DNS into a
gigantic DHT and spreading the entry nodes liberally about the
planet?

Cheers,
Sabahattin

PS: No political agenda implied.


      been proposed quite a few times over the years in one
      form or another.

It is indeed technically possible to develop a worldwide distributed service -- 
check http://en.wikipedia.org/wiki/PNRP for an example. However, a pure P2P 
implementation immediately bumps against the question of authority. Who gets to 
publish the address for "www.example.com"? If you allow "anybody", the system can 
become really unreliable. If you request a certificate to "certify" the 
publishing, you get all the generic PKI issues, e.g. who to trust, etc., and 
you end up with a system that is not much more P2P than the DNS. 

The only "secure" solution that we could deploy uses large numbers instead of 
names, where the number is essentially a hash of a self-signed certificate. 
That works, for some definition of working: if you know what number to 
retrieve, you will get an authoritative answer. But that means using large 
numbers instead of short friendly names, and thus is not very "user-friendly".

-- Christian Huitema


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
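
The self-certifying naming scheme described in the message above, as an added example that is not part of the original post or of any deployed system. It assumes the name is the SHA-256 hash of a bare Ed25519 public key (standing in for the self-signed certificate) and uses a Go map in place of the DHT; `Record`, `NameOf`, `Publish` and `Resolve` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is what an untrusted node stores: publisher key, address, signature.
type Record struct {
	Pub  ed25519.PublicKey
	Addr string
	Sig  []byte
}

// NameOf derives the "large number" name: the SHA-256 hash of the public key.
func NameOf(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:])
}

// Publish signs addr and returns the self-certifying name with its record.
func Publish(priv ed25519.PrivateKey, addr string) (string, Record) {
	pub := priv.Public().(ed25519.PublicKey)
	return NameOf(pub), Record{pub, addr, ed25519.Sign(priv, []byte(addr))}
}

// Resolve trusts no node and no authority: a record is accepted only if its
// key hashes to the requested name and the signature verifies under that key.
func Resolve(dht map[string]Record, name string) (string, error) {
	r, ok := dht[name]
	if !ok || NameOf(r.Pub) != name {
		return "", errors.New("no record whose key hashes to this name")
	}
	if !ed25519.Verify(r.Pub, []byte(r.Addr), r.Sig) {
		return "", errors.New("bad signature")
	}
	return r.Addr, nil
}

func main() {
	// Constructed key from a fixed all-zero seed, for a repeatable demo only.
	name, rec := Publish(ed25519.NewKeyFromSeed(make([]byte, 32)), "192.0.2.10")
	addr, err := Resolve(map[string]Record{name: rec}, name)
	fmt.Println(name, addr, err)
}
```

The printed name is the 64-hex-digit identifier a user would have to type, which is the usability cost the message points out.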
